April 16th, 2008

Apple plugs Pwn2Own winning vulnerability

Posted by Larry Dignan @ 3:14 pm

Categories: Apple, Exploit code, Patch Watch, Vulnerability research

Tags: Apple Macintosh, Apple Safari, Vulnerability, Mac OS X Server, Apple Inc., Apple Mac OS X, Apple Mac OS, Operating Systems, Desktops, Software

Apple plugged the winning vulnerability in the Pwn2Own contest on Wednesday in a Safari update.

In an update for Safari (3.1.1), Apple fixed the following vulnerabilities:

CVE-2008-1026, also known as the flaw that won hacker Charlie Miller $10,000 in the Pwn2Own contest at CanSecWest. This patch covers a vulnerability that allowed a code execution attack via a maliciously crafted Web page. Here’s Apple’s description:

A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions.

Affected OSes: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
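Apple's note says only that the fix performs additional validation of regular expressions with large, nested repetition counts. As an added illustration (not WebKit's code; the simplified pattern grammar, the `MAX_UNITS` and `MAX_DEPTH` limits, and all function names are assumptions), this C sketch shows one way a pre-compile check can bound the worst-case expanded size of nested `{n}` quantifiers before any buffer is sized from it:

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_UNITS ((uint64_t)1 << 20) /* assumed budget for the compiled pattern */
#define MAX_DEPTH 64                  /* assumed group-nesting limit */
#define REJECT UINT64_MAX

/* Read a decimal count no larger than MAX_UNITS; returns 0 on failure. */
static int parse_count(const char **p, uint64_t *out) {
    char *end;
    if (!isdigit((unsigned char)**p)) return 0;
    unsigned long long v = strtoull(*p, &end, 10); /* saturates on overflow */
    if (v > MAX_UNITS) return 0;
    *out = v; *p = end;
    return 1;
}

/* Worst-case expanded size of a sequence, or REJECT if over budget/malformed. */
static uint64_t parse_seq(const char **p, int depth) {
    uint64_t total = 0;
    while (**p && **p != ')') {
        uint64_t item = 1, lo, hi;
        if (**p == '{') return REJECT;            /* nothing to repeat */
        if (**p == '(') {
            (*p)++;
            if (depth >= MAX_DEPTH) return REJECT;
            item = parse_seq(p, depth + 1);
            if (item == REJECT || **p != ')') return REJECT;
        }
        (*p)++;                                   /* consume literal or ')' */
        if (**p == '{') {
            (*p)++;
            if (!parse_count(p, &lo)) return REJECT;
            hi = lo;                              /* {n} and {n,} cost n copies */
            if (**p == ',') { (*p)++; if (**p != '}' && !parse_count(p, &hi)) return REJECT; }
            if (**p != '}' || hi < lo) return REJECT;
            (*p)++;
            /* item and hi are both <= 2^20, so the product cannot wrap 64 bits */
            if (hi > 0) item *= hi;
        }
        if (item > MAX_UNITS || (total += item) > MAX_UNITS) return REJECT;
    }
    return total;
}

/* Returns 1 if the pattern's nested repetition stays within budget. */
int repetition_budget_ok(const char *pattern) {
    const char *p = pattern;
    return parse_seq(&p, 0) != REJECT && *p == '\0';
}
```

Because every count and every intermediate size is capped before it is multiplied, the running total can never wrap, which is the property a size calculation needs before it feeds an allocation.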

Among other patches:

CVE-2008-1025: Apple patched a cross-site scripting vulnerability. Apple says: “An issue exists in WebKit’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs.”

Affected OSes: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista

CVE-2008-1024:
For Safari on XP and Vista only. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue exists in Safari’s file downloading.

CVE-2007-2398:
Another one for Safari on XP and Vista. A maliciously crafted Web site can control the contents of the address bar. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1.

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.
