Alert GCSA-11073 - Vulnerabilita' in Apple Safari
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11073
Data : 17 ottobre 2011
Titolo : Vulnerabilita' in Apple Safari
******************************************************************
:: Descrizione del problema
Apple ha rilasciato una nuova versione del browser Safari
che risolve varie vulnerabilita' presenti nel prodotto.
I difetti individuati potrebbero consentire, ad esempio,
l'esecuzione di codice arbitrario Javascript
nel caso l'utente visiti pagine artefatte.
Per una descrizione completa delle vulnerabilita'
fare riferimento alla segnalazione ufficiale Apple.
:: Software interessato
Apple Safari 5.0.6 e precedenti
:: Impatto
Security Bypass
Cross Site Scripting
Esposizione di informazioni sensibili
Accesso al sistema
:: Soluzioni
Aggiornare Safari alla versione 5.1.1
tramite l'applicazione Apple Software Update
o scaricandolo dal sito Apple:
http://support.apple.com/downloads/
http://www.apple.com/safari/download/
:: Riferimenti
About the security content of Safari 5.1.1
http://support.apple.com/kb/HT5000
Apple Mailing List APPLE-SA-2011-10-12-4
http://lists.apple.com/archives/security-announce/2011/Oct/msg00004.html
Apple security updates
http://support.apple.com/kb/HT1222
Secunia
http://secunia.com/advisories/46412/
Securityfocus
http://www.securityfocus.com/bid/50089
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3243
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTpws1fOB+SpikaiRAQInpwP/cJMTUjaQArlUWNWI/4hKEBEv1t08dSp+
wRUi39FkYMo//mpKo5wKzHQ3PpTzBKznmJuezI9mZXtjGJwZqwL9cYNgcTyUhfh0
78V3fQ1JGLD8PoHdIgqrFv8Y1cq+9rKm0bOg9lshzzP5niUx4H6i56XGXDR3GjYq
DoxyujpTVmk=
=NDF8
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11073
Data : 17 ottobre 2011
Titolo : Vulnerabilita' in Apple Safari
******************************************************************
:: Descrizione del problema
Apple ha rilasciato una nuova versione del browser Safari
che risolve varie vulnerabilita' presenti nel prodotto.
I difetti individuati potrebbero consentire, ad esempio,
l'esecuzione di codice arbitrario Javascript
nel caso l'utente visiti pagine artefatte.
Per una descrizione completa delle vulnerabilita'
fare riferimento alla segnalazione ufficiale Apple.
:: Software interessato
Apple Safari 5.0.6 e precedenti
:: Impatto
Security Bypass
Cross Site Scripting
Esposizione di informazioni sensibili
Accesso al sistema
:: Soluzioni
Aggiornare Safari alla versione 5.1.1
tramite l'applicazione Apple Software Update
o scaricandolo dal sito Apple:
http://support.apple.com/downloads/
http://www.apple.com/safari/download/
:: Riferimenti
About the security content of Safari 5.1.1
http://support.apple.com/kb/HT5000
Apple Mailing List APPLE-SA-2011-10-12-4
http://lists.apple.com/archives/security-announce/2011/Oct/msg00004.html
Apple security updates
http://support.apple.com/kb/HT1222
Secunia
http://secunia.com/advisories/46412/
Securityfocus
http://www.securityfocus.com/bid/50089
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3243
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTpws1fOB+SpikaiRAQInpwP/cJMTUjaQArlUWNWI/4hKEBEv1t08dSp+
wRUi39FkYMo//mpKo5wKzHQ3PpTzBKznmJuezI9mZXtjGJwZqwL9cYNgcTyUhfh0
78V3fQ1JGLD8PoHdIgqrFv8Y1cq+9rKm0bOg9lshzzP5niUx4H6i56XGXDR3GjYq
DoxyujpTVmk=
=NDF8
-----END PGP SIGNATURE-----