MyCERT Advisories, Alerts and Summaries for the year 2011
MA-284.072011 : MyCERT Alert - Multiple Critical Vulnerabilities in Safari Web Browser
Date of publication: 2011-07-21
Multiple critical vulnerabilities have been identified in the Safari web browser. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system.
Essentially, an attacker can trick users into clicking on a URL, which has been sent via e-mail, and this will direct the users to a specially crafted web page containing the exploit.
An attacker who successfully exploits this vulnerability will be able to execute codes remotely and gain the same privilege as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.
3.0 Affected Products
Apple Safari 5.0.5 and earlier
Update to the latest version of Safari (v5.1) by using update manager or go to:
Do not browse to untrusted websites or click on untrusted links especially URLs enclosed in e-mails from an unknown sender.
Browse the Internet through access of a lower privilege user to minimize the impact of the malicious file.
MyCERT would like to advise the users of Safari to be vigilant of the latest security announcements by Apple.
MyCERT can be reached through the following channels for further assistance: E-mail : firstname.lastname@example.org Phone : 1-300-88-2999 (monitored during business hours) Fax : +603 89453442 Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT Web: http://www.mycert.org.my