벌새::Security

Update: Apple Safari 5.0.4

Apple has released version 5.0.4 of its Safari web browser, with performance improvements and fixes for security vulnerabilities.

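This release fixes a total of 62 security issues, including: multiple libpng vulnerabilities and JPEG / TIFF image vulnerabilities that allow remote code execution when a user visits a maliciously crafted website or views a crafted image; vulnerabilities in libxml's XPath handling that allow memory corruption and remote code execution through a visit to a maliciously crafted website; and multiple memory corruption vulnerabilities in WebKit that allow remote code execution when a user visits a maliciously crafted website.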

[Affected software]

Safari 5(Windows), Safari 5(Mac OS X 10.6), Safari 5(Mac OS X 10.5)

1. ImageIO (5)


(1) CVE-2010-1205 / CVE-2010-2249 : Multiple vulnerabilities in libpng
 - libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.

(2) CVE-2011-0170 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
 - A heap buffer overflow issue existed in ImageIO's handling of JPEG images.

(3) CVE-2011-0191 : Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
 - A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images.

(4) CVE-2011-0192 : Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
 - A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images.

2. libxml (2)


(1) CVE-2010-4494 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
 - A double free issue existed in libxml's handling of XPath expressions.

(2) CVE-2010-4008 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
 - A memory corruption issue existed in libxml's XPath handling.

3. WebKit (55)


(1) CVE-2010-1824 / CVE-2011-0111 / CVE-2011-0112 / CVE-2011-0113 / CVE-2011-0114 / CVE-2011-0115 / CVE-2011-0116 / CVE-2011-0117 / CVE-2011-0118 / CVE-2011-0119 / CVE-2011-0120 / CVE-2011-0121 / CVE-2011-0122 / CVE-2011-0123 / CVE-2011-0124 / CVE-2011-0125 / CVE-2011-0126 / CVE-2011-0127 / CVE-2011-0128 / CVE-2011-0129 / CVE-2011-0130 / CVE-2011-0131 / CVE-2011-0132 / CVE-2011-0133 / CVE-2011-0134 / CVE-2011-0135 / CVE-2011-0136 / CVE-2011-0137 / CVE-2011-0138 / CVE-2011-0139 / CVE-2011-0140 / CVE-2011-0141 / CVE-2011-0142 / CVE-2011-0143 / CVE-2011-0144 / CVE-2011-0145 / CVE-2011-0146 / CVE-2011-0147 / CVE-2011-0148 / CVE-2011-0149 / CVE-2011-0150 / CVE-2011-0151 / CVE-2011-0152 / CVE-2011-0153 / CVE-2011-0154 / CVE-2011-0155 / CVE-2011-0156 / CVE-2011-0165 / CVE-2011-0168 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
 - Multiple memory corruption issues existed in WebKit.

(2) CVE-2011-0160 : HTTP Basic Authentication credentials may be inadvertently disclosed to another site
 - If a site uses HTTP Basic Authentication and redirects to another site, the authentication credentials may be sent to the other site.

(3) CVE-2011-0161 : Visiting a maliciously crafted website may lead to cross-site style declarations
 - A cross-origin issue existed in WebKit's handling of the Attr.style accessor.

(4) CVE-2011-0163 : A maliciously crafted website may be able to prevent other sites from requesting certain resources
 - A cache poisoning issue existed in WebKit's handling of cached resources.

(5) CVE-2011-0166 : Visiting a malicious website and dragging content in the page may lead to an information disclosure
 - A cross-origin issue existed in WebKit's handling of HTML5 drag and drop.

(6) CVE-2011-0167 : Visiting a malicious website may lead to files being sent from the user's system to a remote server
 - A cross-origin issue existed in WebKit's handling of windows.

(7) CVE-2011-0169 : Visiting a malicious website while using the Web Inspector may lead to a cross-site scripting attack
 - A cross-origin issue existed in WebKit's handling of the window.console._inspectorCommandLineAPI property.

Users of this software should be sure to update to the latest version before using the Internet.
