MyCERT Advisories, Alerts and Summaries for the year 2011
MA-284.072011 : MyCERT Alert - Multiple Critical Vulnerabilities in Safari Web Browser
Date of publication: 2011-07-21
Multiple critical vulnerabilities have been identified in the Safari web browser. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system.
Essentially, an attacker can trick users into clicking on a URL, which has been sent via e-mail, and this will direct the users to a specially crafted web page containing the exploit.
An attacker who successfully exploits this vulnerability will be able to execute codes remotely and gain the same privilege as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.
3.0 Affected Products
- Apple Safari 5.0.5 and earlier
- Update to the latest version of Safari (v5.1) by using update manager or go to:
- Do not browse to untrusted websites or click on untrusted links especially URLs enclosed in e-mails from an unknown sender.
- Browse the Internet through access of a lower privilege user to minimize the impact of the malicious file.
MyCERT can be reached through the following channels for further assistance:
E-mail : firstname.lastname@example.org
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT