Intrusion Prevention

Apple.Safari.WebKit.Blink.Event.Dangling.Pointer.Code.Execution

Description

This indicates an attack attempt against a memory corruption vulnerability in Apple Webkit.
The vulnerability is caused by an error when the vulnerable software is handling a web page with misused "blink" tag. It may allow remote attackers to execute arbitrary code by sending a crafted web page.

Affected Products

Apple Safari 4.0.4 for Windows
Apple Safari 4.0.4
Apple Safari 4.0.3 for Windows
Apple Safari 4.0.3
Apple Safari 4.0.2 for Windows
Apple Safari 4.0.2
Apple Safari 4.0.1
Apple Safari 4 for Windows
Apple Safari 4 Beta
Apple Safari 4 Beta
Apple Safari 4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.
Apple Safari 4
Apple Safari4.0.5SnowLeopard.dmg
Safari for Mac OS X v10.6.1 to v10.6.3
http://www.apple.com/safari/download/
Apple Safari4.0.5Tiger.dmg
Safari for Mac OS X v10.4.11
http://www.apple.com/safari/download/
Apple Safari4.0.5Leopard.dmg
Safari for Mac OS X v10.5.7
http://www.apple.com/safari/download/
Apple Safari 4 for Windows
Apple APPLE-SA-2010-03-11-1-SafariQuickTimeSetup.exe
Safari+QuickTime for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
http://www.apple.com/safari/download/
Apple Safari 4.0.1
Apple Safari4.0.5Tiger.dmg
Safari for Mac OS X v10.4.11
http://www.apple.com/safari/download/
Apple Safari4.0.5SnowLeopard.dmg
Safari for Mac OS X v10.6.1 to v10.6.3
http://www.apple.com/safari/download/
Apple Safari4.0.5Leopard.dmg
Safari for Mac OS X v10.5.7
http://www.apple.com/safari/download/
Apple Safari 4.0.2 for Windows
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-SafariQuickTimeSetup.exe
Safari+QuickTime for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple Safari 4.0.2
Apple Safari4.0.5Tiger.dmg
Safari for Mac OS X v10.4.11
http://www.apple.com/safari/download/
Apple Safari4.0.5SnowLeopard.dmg
Safari for Mac OS X v10.6.1 to v10.6.3
http://www.apple.com/safari/download/
Apple Safari4.0.5Leopard.dmg
Safari for Mac OS X v10.5.7
http://www.apple.com/safari/download/
Apple Safari 4.0.3 for Windows
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-SafariQuickTimeSetup.exe
Safari+QuickTime for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
http://www.apple.com/safari/download/
Apple Safari 4.0.3
Apple Safari4.0.5SnowLeopard.dmg
Safari for Mac OS X v10.6.1 to v10.6.3
http://www.apple.com/safari/download/
Apple Safari4.0.5Leopard.dmg
Safari for Mac OS X v10.5.7
http://www.apple.com/safari/download/
Apple Safari4.0.5Tiger.dmg
Safari for Mac OS X v10.4.11
http://www.apple.com/safari/download/
Apple Safari 4.0.4
Apple Safari4.0.5Leopard.dmg
Safari for Mac OS X v10.5.7
http://www.apple.com/safari/download/
Apple Safari4.0.5SnowLeopard.dmg
Safari for Mac OS X v10.6.1 to v10.6.3
http://www.apple.com/safari/download/
Apple Safari4.0.5Tiger.dmg
Safari for Mac OS X v10.4.11
http://www.apple.com/safari/download/
Apple Safari 4.0.4 for Windows
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-Safari_Setup.exe
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
http://www.apple.com/safari/download/
Apple APPLE-SA-2010-03-11-1-SafariQuickTimeSetup.exe
Safari+QuickTime for Windows 7, Vista or XP
http://www.apple.com/safari/download/

CVE References

CVE-2010-0050