MA-322.072012 : MyCERT Alert - Multiple Critical Vulnerabilities in Safari Web Browser

Date of publication: 2012-07-26

1.0 Introduction

Multiple critical vulnerabilities have been identified in the Safari web browser. If successfully exploited, these vulnerabilities will cause the application to crash and could potentially allow an attacker to take control of the affected system. The vulnerabilities exist in Safari components and also in the WebKit layout engine that is used in Safari.

2.0 Impact

An attacker who successfully exploits these vulnerabilities will be able to execute code remotely and gain the same privileges as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.

3.0 Affected Products

- Apple Safari 5.1.7 and earlier

4.0 Recommendations

4.1 Update to the latest version of Safari (v6.0) by using update manager or go to:

4.2 Do not browse to untrusted websites or click on untrusted links, especially URLs enclosed in e-mails from an unknown sender.

4.3 Browse the Internet using a lower-privileged user account to minimize the impact of the malicious file.

MyCERT would like to advise the users of Safari to be vigilant of the latest security announcements by Apple.

MyCERT can be reached through the following channels for further assistance:

E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References

1. http://support.apple.com/kb/HT5400
2. http://www.webkit.org/