The United States Computer Emergency Readiness team (US-CERT) is warning that Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
“Apple Safari fails to properly handle references to window objects. Safari can allow a window object to be deleted while references to the object may still exist,” US-CERT says “If JavaScript code then attempts to use the deleted window object, this can result in the use of an invalid pointer. This pointer can be controlled by an attacker through the use of JavaScript. Exploit code for this vulnerability is publicly available. We have confirmed Apple Safari 4.0.5 on the Windows platform to be vulnerable. Other versions may also be affected.”
By convincing a victim to view an HTML document (web page, HTML email, or email attachment) with Apple Safari, an attacker could run arbitrary code with the privileges of the user running the application. US-CERT says it’s are currently unaware of a practical solution to this problem, but offers some work-arounds at http://www.kb.cert.org/vuls/id/943165.
