- Mar 15, 2011
- 13,070
Apple has released Safari 5.0.5 for Windows and Mac in order to address two critical vulnerabilities disclosed during the Pwn2Own competition earlier this year.
Both vulnerabilities are located in the WebKit layout engine and can be exploited over the web in drive-by download attacks.
The first, identified as CVE-2011-1290, was leveraged by security researchers Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann at Pwn2Own to hack into the BlackBerry, whose browser also uses WebKit.
The flaw stems from an error in the handling of nodesets which can result in an integer overflow allowing for arbitrary code execution.
Softpedia