Apple.Safari.HTML.Tag.Handling.DoS
Description
This indicates an attack attempt to exploit a denial-of-service vulnerability in Apple Safari.
The vulnerability is caused by an error in the KWQListIteratorImpl::KWQListIteratorImpl(), QPainter::drawText(), and objc_msgSend_rtp() functions when handling an IFRAME tag with SCROLLING attributes or SRC attributes with no value. It allows a remote attacker to crash the vulnerable software by sending a crafted web page.
Affected Products
Apple Safari 2.0.3
Apple Safari 2.0.2
Apple Safari 2.0.1
Apple Mobile Safari 0
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the patch, available from the vendor's web site:
Apple Mac OS X Server 10.3.9
* Apple SecUpdSrvr2006-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10488&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Pan.dmg
Apple Mac OS X 10.3.9
* Apple SecUpd2006-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10486&cat=1&platform=osx&method=sa/SecUpd2006-003Pan.dmg
Apple Mac OS X Server 10.4.6
* Apple SecUpdSrvr2006-003Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10487&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Ti.dmg
Apple Mac OS X 10.4.6
* Apple SecUpd2006-003Intel.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10485&cat=1&platform=osx&method=sa/SecUpd2006-003Intel.dmg
* Apple SecUpd2006-003Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10484&cat=1&platform=osx&method=sa/SecUpd2006-003Ti.dmg
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-10-12 | 16.941 | Name:Apple.macOS.Safari.HTML.Tag.Handling.DoS:Apple.Safari.HTML.Tag.Handling.DoS |