Recognize-Security

Apple Safari for Windows Vulnerabilities

Posted by Trancer on Jun 12 2007

Apple Safari In less then 24 hours since Apple released a Windows version of Safari web browser (v3 Beta), security researches already disclosed some high risk vulnerabilities.
This is the findings so far:

Apple Safari for Windows Unspecified Denial of Service Vulnerability by Aviv Raff (Bugtraq ID: 24431).
Apple Safari for Windows Memory Corruption Vulnerability by David Maynor (Bugtraq ID: 24433).
Apple Safari for Windows URL Protocol Handler Command Injection by Thor Larholm (Bugtraq ID: 24434).
Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities by Tom Ferris (Bugtraq ID: 24446).
Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability by Robert Swiecki (Bugtraq ID: 24457 – PoC).
Apple Safari for Windows “ROWSPAN” Denial of Service (Null Pointer) Vulnerability by Yannick von Arx (Bugtraq ID: 17674 – PoC).
Apple Safari Password Manager Cross-Site Information Disclosure Weakness (Reverse Cross-Site Request) by David Teare (Bugtraq ID: 21329 – PoC).
Apple Safari for Windows Content and URL Bar Spoofing Vulnerability by Robert Swiecki (Bugtraq ID: 24484 – PoC).
Apple Safari for Windows Corefoundation.DLL Denial of Service Vulnerability by Lostmon (Bugtraq ID: 24497 – PoC).
Apple Safari for Windows Document.Location Denial of Service Vulnerability by azizov@itdefence.ru (Bugtraq ID: 24499 – PoC).
Apple Webkit Invalid Type Conversion Remote Code Execution Vulnerability by Rhys Kidd (Bugtraq ID: 24597).
Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability by Richard Moore of Westpoint Ltd (Bugtraq ID: 24598).
Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability by Lawrence Lai, Stan Switzer, Ed Rowe of Adobe Systems (Bugtraq ID: 24599).

Cool ain’t it? Here’s my 2 cents –

Apple Safari for Windows feed:// URI Denial of Service Vulnerability.

(click to enlarge)
Also on:
BID 24460
OSVDB 38864

Stay tuned for more updates.

UPDATE:
SecurityFocus – Flaw hunters go off on Safari

UPDATE 2:
14/06/2007 – Apple has released a new version of Safari for Windows – v3.0.1 Beta, check the security announcement.
There are additional vulnerabilities that has disclosed and reported to Apple, and hasn’t been fixed.

Fixed vulnerabilities:

Bugtraq ID: 17674
Bugtraq ID: 24431
Bugtraq ID: 24433
Bugtraq ID: 24434
Bugtraq ID: 24446
Bugtraq ID: 24457

Unfixed vulnerabilities:

Bugtraq ID: 21329
Bugtraq ID: 24460
Bugtraq ID: 24484
Bugtraq ID: 24497
Bugtraq ID: 24499

It’s great that they respond quickly, but what’s the point in releasing a security patch without fixing all vulnerabilities?

UPDATE 3:
22/06/2007 – Apple has released a new version of Safari for Windows – v3.0.2 Beta – security announcement.

Fixed vulnerabilities:

Bugtraq ID: 24460
Bugtraq ID: 24484
Bugtraq ID: 24497
Bugtraq ID: 24499
Bugtraq ID: 24597
Bugtraq ID: 24598
Bugtraq ID: 24599

Unfixed vulnerabilities:

Bugtraq ID: 21329

Apple fixed the feed:// URI DoS (NULL pointer deference) vulnerability, found by us. Mentioned in the release notes.
Note that Safari 3.0.2 still vulnerable to the Reverse Cross-Site Request flaw, found by David Teare.

Categories: Vulnerabilities

7 Comments | Comments RSS | TrackBack URL

7 Responses to “Apple Safari for Windows Vulnerabilities”

jsz says:

June 14, 2007 at 1:09 am

feed://% , complicated exploit indeed ; )
And this is way companies(yup even apple) should be more alert to their software security(!).

Less then 24h , and theres already more then 3 vulnerabilities ? it’s more then IE ..
kevinn says:

June 15, 2007 at 8:02 am

At least less than a week, they rolled an update out. Unlike MS.
jsz says:

June 15, 2007 at 3:10 pm

Thats also right…
Anon Ymous says:

June 17, 2007 at 6:57 pm

You have listed Bugtraq ID: 17674 as unfixed, yet the proof of concept has no effect in the Safari 3 beta. Care to update your list to reflect reality?
Trancer says:

June 17, 2007 at 11:09 pm

Yep, thanks.
sikli says:

November 4, 2007 at 4:44 pm

god job thank you
Recognize-Security | Apple Safari 4 Beta Vulnerabilities says:

February 25, 2009 at 4:39 pm

[...] a deja vu feeling… On June 2007 Apple released a Windows version of Safari web browser. Back then it was the first version of this [...]

Recognize-Security Welcome to the Machine June 2007

Apple Safari for Windows Vulnerabilities Posted by Trancer on Jun 12 2007 In less then 24 hours since Apple released a Windows version of Safari web browser (v3 Beta), security researches already disclosed some high risk vulnerabilities. This is the findings so far: Apple Safari for Windows Unspecified Denial of Service Vulnerability by Aviv Raff (Bugtraq ID: 24431). Apple Safari for Windows Memory Corruption Vulnerability by David Maynor (Bugtraq ID: 24433). Apple Safari for Windows URL Protocol Handler Command Injection by Thor Larholm (Bugtraq ID: 24434). Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities by Tom Ferris (Bugtraq ID: 24446). Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability by Robert Swiecki (Bugtraq ID: 24457 – PoC). Apple Safari for Windows “ROWSPAN” Denial of Service (Null Pointer) Vulnerability by Yannick von Arx (Bugtraq ID: 17674 – PoC). Apple Safari Password Manager Cross-Site Information Disclosure Weakness (Reverse Cross-Site Request) by David Teare (Bugtraq ID: 21329 – PoC). Apple Safari for Windows Content and URL Bar Spoofing Vulnerability by Robert Swiecki (Bugtraq ID: 24484 – PoC). Apple Safari for Windows Corefoundation.DLL Denial of Service Vulnerability by Lostmon (Bugtraq ID: 24497 – PoC). Apple Safari for Windows Document.Location Denial of Service Vulnerability by azizov@itdefence.ru (Bugtraq ID: 24499 – PoC). Apple Webkit Invalid Type Conversion Remote Code Execution Vulnerability by Rhys Kidd (Bugtraq ID: 24597). Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability by Richard Moore of Westpoint Ltd (Bugtraq ID: 24598). Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability by Lawrence Lai, Stan Switzer, Ed Rowe of Adobe Systems (Bugtraq ID: 24599). Cool ain’t it? Here’s my 2 cents – Apple Safari for Windows feed:// URI Denial of Service Vulnerability. (click to enlarge) Also on: BID 24460 OSVDB 38864 Stay tuned for more updates. UPDATE: SecurityFocus – Flaw hunters go off on Safari UPDATE 2: 14/06/2007 – Apple has released a new version of Safari for Windows – v3.0.1 Beta, check the security announcement. There are additional vulnerabilities that has disclosed and reported to Apple, and hasn’t been fixed. Fixed vulnerabilities: Bugtraq ID: 17674 Bugtraq ID: 24431 Bugtraq ID: 24433 Bugtraq ID: 24434 Bugtraq ID: 24446 Bugtraq ID: 24457 Unfixed vulnerabilities: Bugtraq ID: 21329 Bugtraq ID: 24460 Bugtraq ID: 24484 Bugtraq ID: 24497 Bugtraq ID: 24499 It’s great that they respond quickly, but what’s the point in releasing a security patch without fixing all vulnerabilities? UPDATE 3: 22/06/2007 – Apple has released a new version of Safari for Windows – v3.0.2 Beta – security announcement. Fixed vulnerabilities: Bugtraq ID: 24460 Bugtraq ID: 24484 Bugtraq ID: 24497 Bugtraq ID: 24499 Bugtraq ID: 24597 Bugtraq ID: 24598 Bugtraq ID: 24599 Unfixed vulnerabilities: Bugtraq ID: 21329 Apple fixed the feed:// URI DoS (NULL pointer deference) vulnerability, found by us. Mentioned in the release notes. Note that Safari 3.0.2 still vulnerable to the Reverse Cross-Site Request flaw, found by David Teare. Categories: Vulnerabilities 7 Comments \| Comments RSS \| TrackBack URL 7 Responses to “Apple Safari for Windows Vulnerabilities” jsz says: June 14, 2007 at 1:09 am feed://% , complicated exploit indeed ; ) And this is way companies(yup even apple) should be more alert to their software security(!). Less then 24h , and theres already more then 3 vulnerabilities ? it’s more then IE .. kevinn says: June 15, 2007 at 8:02 am At least less than a week, they rolled an update out. Unlike MS. jsz says: June 15, 2007 at 3:10 pm Thats also right… Anon Ymous says: June 17, 2007 at 6:57 pm You have listed Bugtraq ID: 17674 as unfixed, yet the proof of concept has no effect in the Safari 3 beta. Care to update your list to reflect reality? Trancer says: June 17, 2007 at 11:09 pm Yep, thanks. sikli says: November 4, 2007 at 4:44 pm god job thank you Recognize-Security \| Apple Safari 4 Beta Vulnerabilities says: February 25, 2009 at 4:39 pm [...] a deja vu feeling… On June 2007 Apple released a Windows version of Safari web browser. Back then it was the first version of this [...] Leave a Reply Click here to cancel reply. Name (required) Mail (will not be published) (required) Website	Categories Advisories Articles Exploitation Exploits LOLz Malware Metasploit Presentations Rec-Sec Security News Tools Vulnerabilities Web Application Security Archives March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 December 2008 November 2008 October 2008 September 2008 August 2008 January 2008 June 2007 May 2007 April 2007 March 2007 February 2007 Pages About Recognize-Security Links BinaryVision BlackHat Security BugSec Ltd. Digital Whisper Extraexploit Inj3ct0r exploit database milw0rm NiX IRC Network NullByte Pankaj Kohli Peter Van Eeckhoutte The Metasploit Project TryThis0ne Udi Mosayev Uninformed xorl eax, eax Meta RSS 2.0 ATOM 1.0 RDF 1.0 Links OPML OpenSearch
Valid XHTML \| Valid CSS \| RSS \| Comments RSS Copyright © 2009 Recognize-Security. Some rights reserved. ~~Security~~ Hacking, However, is an art, not a science.

June 2007

Apple Safari for Windows Vulnerabilities

7 Responses to “Apple Safari for Windows Vulnerabilities”

Leave a Reply