iPolicy Networks Security Advisory
 

Apple Safari Long MARQUEE Denial of Service Vulnerability

Date Discovered: 03/29/2010
Severity: High
Operating Systems Affected: Apple iPhone OS 3.1.3 for iPod touch
Application Affected: Safari
Identifiers: CVE-2010-1181
Synopsis
Safari on Apple iPhone OS 3.1.3 for iPod touch is prone to a Denial of Service (DoS) vulnerability. An attacker could exploit it to execute arbitrary code on the affected system.
Recommended Actions
Apply the updates provided by the vendor, available at:
http://www.apple.com/downloads/
Threat Analysis
A Denial of Service (DoS) vulnerability has been identified in Safari on Apple iPhone OS 3.1.3 for iPod touch. The issue is due to improper handling of a long string in a MARQUEE element.

A remote attacker may exploit this issue by tricking the user into visiting a specially crafted webpage that causes the Safari browser to freeze and finally crash. Successful exploitation of the vulnerability could lead to arbitrary code execution on the affected system.
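
For content inspection at a proxy or gateway, the condition described above can be checked as follows. This is an added example, not part of the original advisory or any vendor's code; the 4096-character threshold, the names MarqueeScanner and scan_html, and the sample page are assumptions, since the advisory does not state the string length or whether the string sits in the element's text or its attributes.

```python
from html.parser import HTMLParser

MAX_MARQUEE_CHARS = 4096  # assumed threshold; the advisory states no length

class MarqueeScanner(HTMLParser):
    """Measure text and attribute data in each outermost MARQUEE element."""
    def __init__(self, limit=MAX_MARQUEE_CHARS):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.depth = 0      # nesting depth of open <marquee> tags
        self.count = self.start_line = 0  # size and first line of current element
        self.findings = []  # (line, char_count) per oversized element

    def handle_starttag(self, tag, attrs):
        if tag == "marquee":  # HTMLParser lowercases tag names
            if self.depth == 0:
                self.count, self.start_line = 0, self.getpos()[0]
            self.depth += 1
            # Attributes count too: the advisory does not say where the string sits.
            self.count += sum(len(v or "") for _, v in attrs)

    def handle_data(self, data):
        if self.depth:
            self.count += len(data)

    def handle_endtag(self, tag):
        if tag == "marquee" and self.depth:
            self.depth -= 1
            if self.depth == 0:
                self._flush()

    def close(self):
        super().close()     # emits any buffered text first
        if self.depth:      # element still open at end of document
            self.depth = 0
            self._flush()

    def _flush(self):
        if self.count > self.limit:
            self.findings.append((self.start_line, self.count))

def scan_html(html, limit=MAX_MARQUEE_CHARS):
    scanner = MarqueeScanner(limit)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (not from the advisory): one oversized element on line 2.
SAMPLE_PAGE = "<html><body>\n<marquee>" + "A" * 5000 + "</marquee></body></html>"
```

scan_html returns a list of (line, character count) pairs, one per MARQUEE element over the limit, including elements that are never closed.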
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1181

Write-up by: Anupam Kumar