TECHNICAL BULLETIN
| PROBLEM: | Apple Safari prior to 4.0 is prone to multiple security vulnerabilities. |
| PLATFORM: | These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Microsoft Windows XP, and Windows Vista. |
| ABSTRACT: | A simple abstract is difficult due to the number of vulnerabilities. Attackers could use one or more of these vulnerabilities to execute arbitrary code, elevate privileges, conduct cross-site scripting attacks, obtain sensitive information, and more. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-157.shtml |
| OTHER LINKS: | Security Focus Website: http://www.securityfocus.com/bid/35260/discuss ; Zero-Day Initiative Website: http://www.zerodayinitiative.com/advisories/ZDI-09-034/ |
| CVE: | CVE-2009-1718, CVE-2009-1716, CVE-2009-1715, CVE-2009-1714, CVE-2009-1713, CVE-2009-1712, CVE-2009-1711, CVE-2009-1710, CVE-2009-1709, CVE-2009-1708, CVE-2009-1707, CVE-2009-1706, CVE-2009-1705, CVE-2009-1704, CVE-2009-1703, CVE-2009-1702, CVE-2009-1701, CVE-2009-1700, CVE-2009-1699, CVE-2009-1698, CVE-2009-1697, CVE-2009-1696, CVE-2009-1695, CVE-2009-1694, CVE-2009-1693, CVE-2009-1691, CVE-2009-1690, CVE-2009-1689, CVE-2009-1688, CVE-2009-1687, CVE-2009-1686, CVE-2009-1685, CVE-2009-1684, CVE-2009-1682, CVE-2009-1681 |
| IMPACT ASSESSMENT: | The risk is high. Safari earlier than 4.0 on all platforms is affected. Some of the vulnerabilities can be exploited with commonly available tools. |
[***** Start CVE-2009-Many *****]
Discussion: Safari 4.0 has been released. Many of the security vulnerabilities that it fixes are serious. Users of Safari should upgrade as soon as possible: http://www.apple.com/safari/download/
An explanation of the vulnerabilities addressed in this release is at: http://support.apple.com/kb/HT3613
[***** End CVE-2009-Many *****]
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov