Apple issued patches for 16 vulnerabilities in Safari, including 12 bugs that could be used to execute code on a vulnerable machine and potentially take full control.
According to Apple’s advisory, nine of the 16 flaws rested in Webkit, Safari’s open-source browser engine, and all but one of those can be exploited to execute arbitrary code on a victim’s machine. Of the nine, seven deal with what Apple called “use-after-free” issues tied to Webkit’s handling of incorrectly nested HTML tags, its parsing of XML documents and its handling of HTML elements and callbacks for those elements.
Four of the patches fix issues in the ImageIO component. The most serious of these are memory corruption and buffer overflow vulnerabilities attackers could exploit with malicious TIFF images to compromise users and execute arbitrary code. Both the other ImageIO patches deal with uninitialized memory access issues tied to the component’s handling of BMP and TIFF images, respectively.
Apple also fixed a heap buffer overflow vulnerability in the ColorSync component, a cookie handling issue in PubSub and a problem with Safari’s handling of external URL schemes.
The fixes come roughly two weeks ahead of Pwn2Own 2010 hacking challenge, where researchers will take a shot and bringing down the security of Safari, Microsoft Internet Explorer, Mozilla Firefox and Google Chrome in a battle for $40,000 in prize money. The contest, which also includes a smartphone challenge for $60,000, will be held March 24-26 at the CanSecWest security conference in Vancouver, B.C.