Apple Safari WebKit SVG Memory Corruption (Aug 1, 2011)

Safari is a web browser developed by Apple Inc. and included with the Mac OS X and iOS operating systems. The browser is capable of processing HTML, images, scripting languages, and various other media formats. Safari is based on Apple’s internal fork of the KHTML rendering engine, called WebKit. WebKit provides the WebCore HTML parser and the JavaScriptCore JavaScript engine.

The Document Object Model (DOM) is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML and XML documents. The DOM has a hierarchical structure in which HTML tag and attribute data are stored as elements of the hierarchy. WebKit supports manipulation of DOM objects via “client-side” scripting (e.g. JavaScript), allowing for dynamic modification of an HTML document.

Scalable Vector Graphics (SVG) is a family of specifications of an XML-based file format for describing two-dimensional vector graphics, both static and dynamic. The SVG specification is an open standard that has been under development by the World Wide Web Consortium (W3C) since 1999. SVG is supported by most modern web browsers, including Safari.

A memory corruption vulnerability has been found in the WebKit component of Safari. The vulnerability is due to the corruption of certain pointers in DOM objects relating to SVG elements. An attacker can exploit this vulnerability to inject and execute malicious code in the security context of the logged-in user.

The SonicWALL UTM team has researched this vulnerability and created the following IPS signatures to detect attacks in the wild.

  • 1149 Apple Safari SVG Object Memory Corruption 1
  • 1158 Apple Safari SVG Object Memory Corruption 2

This vulnerability is tracked as CVE-2011-0222.
