Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by malicious web sites to take complete control of an affected system or conduct spoofing attacks.
The first issue is caused by an error whithin the handling of the "Enable Java" preference, which could be exploited by attackers to load and run arbitrary applets even when Java is disabled.
The second vulnerability is caused by an error when processing domain names containing Unicode characters, which could be exploited to masquerade a website and conduct spoofing attacks.
The third issue is caused by a heap overflow error in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page.
Credits
Vulnerabilities reported by Scott Wilde, Charlie Miller and Jake Honoroff (Independent Security Evaluators).
ChangeLog
2007-08-01 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
