Risk
11/18/2010
08:43 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Dangerous Safari Bugs Patched

Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.

Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.There are 27 vulnerabilities in total for Safari version 5.0.3, with 23 of those being critical in that they'd allow what Apple calls "arbitrary code execution."

That's another way of saying should an attacker exploit these flaws, they can run whatever attack tools and exploit code they wish on your system.

Such flaws can be exploited through attackers establishing maliciously crafted web sites, for example.

The Safari 5.0.3 update can be accessed here for Mac OS X Snow Leopard, Leopard, Windows 7, Windows Vista, and Windows XP. It's the third Safari update since Safari 5 was released this Spring.

And it's an update you'll want to apply immediately.

For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?