
Posts tagged ‘WebKit’

13
Oct

Apple Releases Slew of Security Updates (OSX, Safari, iTunes, iOS 5, aTV)

I wasn’t going to post about last week’s fairly significant iTunes update, but then Apple went and patched a whole bunch of vulnerabilities across the board. Some of these are fairly significant so I thought I would provide a short breakdown of the changes. Either way, you should definitely be patching all of your Apple devices and software tonight.

Hit the jump for a summary of the key vulnerabilities patched in Apple’s security updates.

Read more

10
Mar

Safari Errorjacking Vulnerability and Exploit [Patched]

One of the vulnerabilities patched in Safari 5.0.4 is a fairly critical issue in WebKit (CVE-2011-0167) that allows JavaScript to jump into the local zone and access any file on the local computer that is accessible to the current user. This could be used by malicious websites to extract files and information from the victim’s computer. The vulnerability affects Safari on Mac OS X and Windows, and could affect other WebKit-based browsers, although Chrome is safe due to added restrictions.

The bug exists because most browser error pages are loaded from the local “file:” zone, a zone that JavaScript is not normally allowed to access directly. Since a child browser window remains under the control of the parent, it is possible to cause a child browser window to error, thus entering the normally-restricted local zone, and then instruct the child window to access local files using this elevated local-zone privilege.

This issue was a nice catch, discovered by Aaron Sigel who has a detailed explanation, video demo and proof-of-concept on his blog. It probably goes without saying, but Safari users should run Software Update as soon as possible.

10
Mar

Apple Drops iOS 4.3 and Safari 5.0.4 Security Updates Ahead of Pwn2Own Contest

In awesome day-before-just-to-try-and-screw-with-your-exploits style, Apple has released significant security patches for iOS, Safari and Apple TV. Safari, which is one of the targets at CanSecWest’s Pwn2Own contest where hackers come to demonstrate 0day exploits, has received an update to 5.0.4, which fixes over 62 bugs including major vulnerabilities in WebKit (e.g. Errorjacking) and the ImageIO and libxml libraries.

iOS 4.3 patches largely the same issues in MobileSafari, as well as a remote code execution vulnerability in CoreGraphics. iOS is expected to get a lot of attention at Pwn2Own, with at least four researchers having developed exploits. Charlie Miller and Dionysus Blazakis (@dionthegod) have one exploit which doesn’t work on update, although allegedly the vulnerability hasn’t been patched yet.

Whether or not these updates thwart some of the exploits developed for Pwn2Own remains to be seen. It’ll be cool if it prevents at least one. Either way, good job to Apple for trying.

Update: Just found out that target iPhones at Pwn2Own won’t be running the latest iOS 4.3 which does indeed prevent a number of exploits. Here’s a recap of the Pwn2Own action.

Lastly, Apple TV has been updated to 4.2 to patch a couple not-so-critical vulnerabilities in libfreetype and libtiff that could allow code execution if a malicious image were opened.

Hit the jump for the long list of issues fixed in iOS 4.3. Read more

12
Sep

iOS 4.1 New Bug Fixes and Boot ROM Hack

On Wednesday, Apple released iOS 4.1 to the public, bringing a good number of bug fixes including two for potential remote code issues in ImageIO, and many more in WebKit (full details after the jump).

In related news, pod2g – a member of the iPhone Dev Team – announced that an issue in iOS’s bootrom (a very low-level hardware bootloader) could be used to jailbreak future iOS updates (including 4.1) on current iOS devices. Due to the nature of the bootrom, it would be difficult for Apple to fix the flaw without somehow flashing a new bootrom to affected devices. Jailbreakers have been advised to forgo the 4.1 update until a stable bootrom-based jailbreak is developed – although this would leave those iPhone/iPod Touch users open to attack.

Read more

8
Sep

Safari 5.0.2 Update Fixes WebKit Bugs

Apple has released Safari 5.0.2 and 4.1.2 updates for Mac OS X and Windows which fix issues in both Safari and WebKit (the browser’s rendering engine).

The first issue, which only affects Safari on Windows systems, may lead to code execution if the user attempts to reveal the location of a downloaded file. The other two vulnerabilities include an input validation issue in WebKit’s handling of floating point data types, and a use-after-free issue in WebKit’s handling of elements with run-in styling. Both of these could be used to perform arbitrary code execution.

These two updates should be available in Software Update.

Hit the jump for Apple’s full patch info.

Read more
