Categories: Computers

0day: Apple Safari “parent.close()”

Release Date : 2010-05-07
Criticality level : Highly critical
Impact : Remote code execution
Solution Status : Unpatched

Description:
A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.

The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected.

Solution:
Do not visit untrusted web sites or follow links from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
Krystian Kloskowski (h07)

Original Advisory:
http://h07.w.interia.pl/Safari.rar

Advisory Reference:
http://secunia.com/advisories/39670/

Please follow and like us:
@ ithreats.net