Alert GCSA-12013 - Multiple vulnerabilities in Apple Safari
******************************************************************
Alert ID : GCSA-12013
Date : 13 March 2012
Title : Multiple vulnerabilities in Apple Safari
******************************************************************
:: Problem description
Several vulnerabilities have been identified in Apple Safari that
could be exploited by a remote attacker to obtain sensitive
information, conduct cross-site scripting attacks against a
vulnerable system, and bypass security restrictions.
For a complete description of the vulnerabilities, refer to
Apple's official advisory.
:: Affected software
Apple Safari versions prior to 5.1.4
on Mac OS X v10.6.8, OS X Lion v10.7.3, Windows 7, Vista,
XP SP2 or later
:: Impact
Security Bypass
System access
Exposure of sensitive information
Cross-site scripting and spoofing attacks
:: Solutions
Update Apple Safari to version 5.1.4:
http://support.apple.com/downloads/
http://www.apple.com/safari/download/
The update is also available through the Apple Software Update
application
:: References
About the security content of Safari 5.1.4
http://support.apple.com/kb/HT5190
Secunia
http://secunia.com/advisories/48377/
Mitre's CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0648