Apple has patched 16 vulnerabilities affecting its Safari Web browser as the annual Pwn2Own contest held at the CanSecWest security conference approaches.
Apple issued patches for 16 vulnerabilities in Safari, including 12
bugs that could be used to execute code on a vulnerable machine and
potentially take full control.
According to Apple's advisory,
nine of the 16 flaws resided in WebKit, Safari's open-source browser
engine, and all but one of those can be exploited to execute
arbitrary code on a victim's machine. Of the nine, seven deal with what
Apple called "use-after-free" issues tied to WebKit's handling of
incorrectly nested HTML tags, its parsing of XML documents and its
handling of HTML elements and callbacks for those elements.
Four of the patches fix issues in the ImageIO component. The most
serious of these are memory corruption and buffer overflow
vulnerabilities attackers could exploit with malicious TIFF images to
compromise users and execute arbitrary code. The other two ImageIO
patches deal with uninitialized memory access issues tied to the
component's handling of BMP and TIFF images, respectively.
Apple also fixed a heap buffer overflow vulnerability in the ColorSync
component, a cookie handling issue in PubSub and a problem with
Safari's handling of external URL schemes.
The fixes come roughly two weeks ahead of the Pwn2Own 2010 hacking challenge,
where researchers will take a shot at bringing down the security of Safari,
Microsoft Internet Explorer, Mozilla Firefox and Google Chrome in a
battle for $40,000 in prize money. The contest, which also includes a
smartphone challenge for $60,000, will be held March 24-26 at
the CanSecWest security conference in Vancouver, B.C.