[NEWS] Apple Mac OS X Safari DoS

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Apple Mac OS X Safari DoS
------------------------------------------------------------------------


SUMMARY

<http://www.apple.com/safari/> Safari is a web browser developed by Apple
Computer, Inc. and available as part of its Mac OS X operating system.
Vulnerability in Mac OS X Safari browser allows to perform DoS attacks.

DETAILS

Vulnerable Systems:
* Safari version 2.0.3 (417.9.2) latest version under 10.4.5 (Build 8H14)
* Safari version 2.0.3 (417.9.2) latest version under 10.4.6 (Build
8I127)
* (prior versions suspected as well)

A vulnerability exists in Safari which causes the operating system to slow
down SRCOD (Spinning Rainbow Cursor Of Death), and therefore, it's not
possible to launch any applications like Terminal to kill the process.
After several minutes Safari crashes.

Proof of Concept:
<HTML>
<TABLE>
<TR><TD ROWSPAN=2000000000>


ADDITIONAL INFORMATION

The information has been provided by <mailto:yannick.vonarx@xxxxxxxx>
Yannick von Arx.



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages