search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Apple Mac OS X WebKit deallocated object access vulnerability

Vulnerability Note VU#848960

Original Release Date: 2006-11-29 | Last Revised: 2007-01-15

Overview

Apple Safari WebKit fails to properly deallocate objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

According to Apple:

WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X for use in your applications.
More information about WebKit is available at the WebKit Project web site.

The Apple Safari WebKit component fails to properly dispose of deallocated objects. If a remote attacker persuades a user to access a specially crafted web page with Safari, that attacker may be able to cause that user to access a deallocated object leading to memory corruption.

Note that this vulnerability may affect any software that uses WebKit.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

Solution

Apply Apple Updates
Apple advises all users to apply Apple Security Update 2006-007, as it fixes this and other critical security flaws.

Vendor Information

848960
 
Expand all

Apple Computer, Inc. Affected

Updated:  November 29, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://docs.info.apple.com/article.html?artnum=304829.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OmniGroup, Inc. Affected

Notified:  November 30, 2006 Updated: January 15, 2007

Status

Affected

Vendor Statement

A fix for the Apple WebKit vulnerability described in VU#848960 (WebKit deallocated object access) is included in OmniWeb version 5.5.3. Earlier versions may be vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported in Apple Security Update 2006-007. Apple credits Tom Ferris of Security-Protocols with providing information about this vulnerability.

This document was written by Jeff Gennari based on information from Apple and Security-Protocols.

Other Information

CVE IDs: CVE-2006-4412
Severity Metric: 15.80
Date Public: 2006-11-28
Date First Published: 2006-11-29
Date Last Updated: 2007-01-15 11:32 UTC
Document Revision: 14

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis