Intrusion Prevention

Apple.WebKit.Document.Function.Remote.Information.Disclosure

Description

This indicates an attack attempt against an information disclosure vulnerability in Apple Safari.
The vulnerability is caused by the improper implementation of the document() function within the XSLT functionality of the WebKit component. A remote attacker could exploit this vulnerability using unknown attack vectors to read arbitrary files from various security zones.

Affected Products

Apple Mac OS X 10.4.11
Apple Mac OS X 10.5.7
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5.7
Apple Safari 0.8
Apple Safari 0.9
Apple Safari 1.0
Apple Safari 1.0.3
Apple Safari 1.1
Apple Safari 1.2
Apple Safari 1.3
Apple Safari 1.3.1
Apple Safari 1.3.2
Apple Safari 2.0
Apple Safari 2.0.2
Apple Safari 3.0
Apple Safari 3.0.1
Apple Safari 3.0.2
Apple Safari 3.0.3
Apple Safari 3.0.4
Apple Safari 3.1
Apple Safari 3.1.1
Apple Safari 3.1.2
Apple Safari 3.2
Apple Safari 3.2.1
Apple Safari 3.2.2
Apple Safari 3.2.3
Apple Safari 4.0 Beta
Canonical Ubuntu 8.10
Debian Debian Linux 5.0

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the website.
http://support.apple.com/kb/HT3613

CVE References

CVE-2009-1713

Other References

35284