Alert GCSA-10061 - Vulnerabilita' multiple in Apple Safari
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10061
Data : 10 Giugno 2010
Titolo : Vulnerabilita' multiple in Apple Safari
******************************************************************
:: Descrizione del problema
Sono state identificate varie vulnerabilita' in Apple Safari, che
potrebbero essere sfruttate da un attaccante remoto per ottenere
informazioni sensibili, condurre attacchi per compromettere un
sistema vulnerabile e bypassare le restrizioni di sicurezza.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple.
:: Software interessato
Apple Safari versioni precedenti alla 4.1
Apple Safari versioni precedenti alla 5.0
:: Impatto
Security Bypass
Accesso al sistema
Esposizione di informazioni sensibili
:: Soluzioni
Aggiornare Apple Safari alla versione 5.0 oppure 4.1:
http://support.apple.com/downloads/
:: Riferimenti
About the security content of Safari 5.0 and Safari 4.1
http://support.apple.com/kb/HT4196
VUPEN
http://www.vupen.com/english/advisories/2010/1373
Secunia
http://secunia.com/advisories/40105/
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-091/
http://www.zerodayinitiative.com/advisories/ZDI-10-092/
http://www.zerodayinitiative.com/advisories/ZDI-10-093/
http://www.zerodayinitiative.com/advisories/ZDI-10-094/
http://www.zerodayinitiative.com/advisories/ZDI-10-095/
http://www.zerodayinitiative.com/advisories/ZDI-10-096/
http://www.zerodayinitiative.com/advisories/ZDI-10-097/
http://www.zerodayinitiative.com/advisories/ZDI-10-098/
http://www.zerodayinitiative.com/advisories/ZDI-10-099/
http://www.zerodayinitiative.com/advisories/ZDI-10-100/
http://www.zerodayinitiative.com/advisories/ZDI-10-101/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1474
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBC3KvOB+SpikaiRAQL1mAP/dc6RlitFclhp/vSZ35dNhmS4auSe0WlG
a6z7wDMGm4apZqU0oVJF3X8UfHubfp2zfPNs0b3jeC8uM6GxECvCKGUEyuRnB8aM
XwiaxUWbYRqCiguXWm15ti0Yh7Tjzb6DI/ldIPIy/hSFfYKJhSe1ybe+LQRuiKu5
4rutLIiJDOo=
=lJ09
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10061
Data : 10 Giugno 2010
Titolo : Vulnerabilita' multiple in Apple Safari
******************************************************************
:: Descrizione del problema
Sono state identificate varie vulnerabilita' in Apple Safari, che
potrebbero essere sfruttate da un attaccante remoto per ottenere
informazioni sensibili, condurre attacchi per compromettere un
sistema vulnerabile e bypassare le restrizioni di sicurezza.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple.
:: Software interessato
Apple Safari versioni precedenti alla 4.1
Apple Safari versioni precedenti alla 5.0
:: Impatto
Security Bypass
Accesso al sistema
Esposizione di informazioni sensibili
:: Soluzioni
Aggiornare Apple Safari alla versione 5.0 oppure 4.1:
http://support.apple.com/downloads/
:: Riferimenti
About the security content of Safari 5.0 and Safari 4.1
http://support.apple.com/kb/HT4196
VUPEN
http://www.vupen.com/english/advisories/2010/1373
Secunia
http://secunia.com/advisories/40105/
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-091/
http://www.zerodayinitiative.com/advisories/ZDI-10-092/
http://www.zerodayinitiative.com/advisories/ZDI-10-093/
http://www.zerodayinitiative.com/advisories/ZDI-10-094/
http://www.zerodayinitiative.com/advisories/ZDI-10-095/
http://www.zerodayinitiative.com/advisories/ZDI-10-096/
http://www.zerodayinitiative.com/advisories/ZDI-10-097/
http://www.zerodayinitiative.com/advisories/ZDI-10-098/
http://www.zerodayinitiative.com/advisories/ZDI-10-099/
http://www.zerodayinitiative.com/advisories/ZDI-10-100/
http://www.zerodayinitiative.com/advisories/ZDI-10-101/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1474
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTBC3KvOB+SpikaiRAQL1mAP/dc6RlitFclhp/vSZ35dNhmS4auSe0WlG
a6z7wDMGm4apZqU0oVJF3X8UfHubfp2zfPNs0b3jeC8uM6GxECvCKGUEyuRnB8aM
XwiaxUWbYRqCiguXWm15ti0Yh7Tjzb6DI/ldIPIy/hSFfYKJhSe1ybe+LQRuiKu5
4rutLIiJDOo=
=lJ09
-----END PGP SIGNATURE-----