Multiple Apple products contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
The vulnerability exists because the WebKit component used by the affected software incorrectly handles manipulation of certain Document Object Model (DOM) elements in web pages. An unauthenticated, remote attacker could exploit this vulnerability by conducting a man-in-the-middle attack and convincing a user to view a malicious web page that is designed to redirect the vulnerable application to malicious iTunes Store content. If successful, the attacker could execute arbitrary code on the targeted system.
Apple has confirmed this vulnerability and released updated software.
Indicators of Compromise
The following Apple products that use the affected WebKit library are vulnerable:
Apple iTunes versions prior to 10.2
Apple Safari and Safari for Windows versions prior to 5.0.4
Apple iOS versions prior to 4.3
The vulnerability exists because the WebKit component in the affected software incorrectly processes range objects used by the DOM implementation in web pages. Due to this flaw, an event listener could cause the WebKit component to improperly handle manipulation of DOM elements in a web page.
An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious website that could redirect to the iTunes Store via the affected software. Alternatively, this action could be achieved by conducting a man-in-the-middle attack. If successful, the attacker could then supply malicious HTML content that contains crafted range objects to the affected software. The processing of the content could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system.
To exploit this vulnerability, an attacker would need to convince a user to visit a malicious web page. This task could be accomplished via the use of social engineering techniques and by sending the link through e-mail messages, instant messaging, or other forms of communication. Additionally, an attacker would possibly require access to trusted, internal networks to launch a man-in-the-middle attack.
Administrators are advised to apply the appropriate updates.
Users should verify that unsolicited links are safe to follow.
Administrators are advised to monitor affected systems.
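One way to act on the monitoring advice, as an added example that is not part of the original alert: a Python script that flags clients whose User-Agent header reports a version below the fixed releases listed above. The tab-separated log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Fixed releases named in the alert; any lower version is affected.
FIXED = {"iOS": (4, 3), "iTunes": (10, 2), "Safari": (5, 0, 4)}

# Order matters: Safari on iOS also sends "Version/x ... Safari/", so the iOS
# version is tested first. Chrome sends "Safari/" without "Version/" and is skipped.
PATTERNS = [
    ("iOS", re.compile(r"CPU (?:iPhone )?OS (\d+(?:_\d+)*) like Mac OS X")),
    ("iTunes", re.compile(r"\biTunes/(\d+(?:\.\d+)*)")),
    ("Safari", re.compile(r"Version/(\d+(?:\.\d+)*) (?:Mobile/\S+ )?Safari/")),
]

def classify(user_agent):
    """Return (product, version, is_affected), or None if no listed product matches."""
    for product, pattern in PATTERNS:
        match = pattern.search(user_agent)
        if match:
            version = match.group(1).replace("_", ".")
            parts = tuple(int(p) for p in version.split("."))
            fixed = FIXED[product]
            # Pad short versions with zeros so "10" compares as "10.0".
            parts += (0,) * (len(fixed) - len(parts))
            return product, version, parts < fixed
    return None

def unpatched_clients(log_lines):
    """Map client address -> set of (product, version) seen below the fixed release."""
    findings = {}
    for line in log_lines:
        client, _, user_agent = line.partition("\t")
        result = classify(user_agent)
        if result and result[2]:
            findings.setdefault(client, set()).add(result[:2])
    return findings

# Constructed sample in an assumed "<client address>\t<User-Agent>" export format.
MAC = "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) "
IOS = " like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5"
SAMPLE_LOG = [
    "192.0.2.10\t" + MAC + "Version/5.0.3 Safari/533.19.4",
    "192.0.2.11\t" + MAC + "Version/5.0.4 Safari/533.20.27",
    "192.0.2.12\tMozilla/5.0 (iPhone; U; CPU iPhone OS 4_3" + IOS,
    "192.0.2.13\tMozilla/5.0 (iPad; U; CPU OS 4_2_1" + IOS,
    "192.0.2.10\tiTunes/10.1.2 (Macintosh; Intel Mac OS X 10.6.6) AppleWebKit/533.19.4",
    "192.0.2.14\tMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13",
]

if __name__ == "__main__":
    for client, hits in sorted(unpatched_clients(SAMPLE_LOG).items()):
        print(client, sorted(hits))
```

The User-Agent header is supplied by the client, so the output is a triage list to confirm against endpoint inventory rather than proof of patch state.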
Apple has released security notifications at the following links: HT4554, HT4564, and HT4566.
Apple has released updated software at the following links:
Apple has released security notifications and updated software to address the Range object handling memory corruption vulnerability in multiple Apple products.
2011-March-10 16:17 GMT
Apple iTunes contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service condition on the targeted system. Updates are available.
Cisco Multivendor Vulnerability Alerts respond to vulnerabilities identified in third-party vendors' products. These alerts contain information compiled from diverse sources and provide comprehensive technical descriptions, objective analytical assessments, workarounds and practical safeguards, and links to vendor advisories and patches.