BugTraq
Apple Mac OS X Safari 2.0.3 Vulnerability Apr 24 2006 06:00PM
security slashdot ch (1 replies)
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Apr 24 2006 08:05PM
Colin Keigher (colinkeigher telus net) (1 replies)
It seems to affect older versions also.

Tested on:
iBook G4 with Mac OS X 10.3.9 (Build 7W98) + all updates from Apple

Version affected:
Safari 1.3.1 (312.3.1) under 10.3.9

Colin Keigher
colinkeigherREMOVEFORAFREEPRIZEtelus.net

On 24-Apr-06, at 11:00 AM, " " <security (at) slashdot (dot) ch [email concealed]>
<security (at) slashdot (dot) ch [email concealed]> wrote:

>
>
> Apple Mac OS X Safari 2.0.3 Vulnerability
> =========================================
>
> Release Date:
> April 23th, 2006
>
> Vendor:
> Apple Computer Inc.
>
> Tested on:
> iBook G4 1.2 GHz with Mac OS X 10.4.5 (Build 8H14) + all Updates
> from Apple except "10.4.6 Update"
> iBook G4 1.33 GHz with Mac OS X 10.4.6 (Build 8I127) + all Updates
> from Apple
> PowerMac G4 Dual 867 MHz with Mac OS X 10.4.6 (Build 8I127) + all
> Updates from Apple
> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates
> from Apple
>
> Versions affected:
> Safari 2.0.3 (417.9.2) latest version under 10.4.5 (Build 8H14) and
> perhaps prior versions
> Safari 2.0.3 (417.9.2) latest version under 10.4.6 (Build 8I127)
> and perhaps prior versions
>
> Overview:
> A vulnerabilitiy exists in Safari 2.0.3 (417.9.2) and perhaps in
> prior versions which causes the operating system to slow down SRCOD
> (Spinning Rainbow Cursor Of Death), and therefore, it's not
> possible to launch any applications like Terminal to kill the
> process. After several minutes Safari crashes.
>
> Technical Details:
> Create a new File with following code ...
>
> <HTML>
> <TABLE>
> <TR><TD ROWSPAN=2000000000>
>
> .. then save it as a .html file (example.html) now open it in
> Safari. The application takes a lot of CPU and RAM slowing down the
> operating system SRCOD (Spinning Rainbow Cursor Of Death), and it
> is no longer possible to use OSX even "apple" + "ALT" + "ESC" is
> working very slow!
> Go around and pull the power cable out or press the startbutton for
> a while to shut down the computer.
>
> For an expample klick at the link with Safari (WARNING: That
> crashes Safari after several minutes an first the SRCOD (Spinning
> Rainbow Cursor Of Death) is there for all the time!) http://
> www.yanux.ch/exploits/safari/example.html
>
> Report:
> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates
> from Apple
> http://www.yanux.ch/exploits/safari/bugreport_imac_g4.txt
>
> Vendor Status:
> Apple has notified of this issues on 04/23/2006
>
> Solution:
> Currently no patches have been released for this vulnerability.
>
> Discovered by:
> Yannick von Arx
> yannick[dot]vonarx[at]yanux[dot]ch
>
> ____________________________
>
> e-mail:yannick.vonarx (at) yanux (dot) ch [email concealed]
> web: www.yanux.ch
>
>
>
> ------
> freemails.ch - Free Swiss E-Mails
>
> Webhosting nach Mass bereits ab CHF 5.50: www.hostplace.ch
>
>

[ reply ]
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Apr 25 2006 04:22PM
Tom Ferris (tommy security-protocols com) (1 replies)
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Apr 25 2006 05:02PM
Billy Bues (bwbues gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus