Fortinet Discovers Apple Safari DHTML Handling Remote Code Execution Vulnerability
Fortinet's FortiGuard Labs has discovered DHTML handling remote code execution vulnerability in Apple Safari.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Oct 29, 2008
Apple security updates are available via their Software Update mechanism.
The memory corruption vulnerability occurs when handling HTML table elements. A remote attacker may craft a malicious webpage and lure an unsuspecting user. When the page is viewed and these elements are processed, arbitrary code execution may occur resulting in the victims machine being compromised.
Haifei Li of Fortinet's FortiGuard Global Security Research Team