Release date: 2012-03-12
Updated on: 2012-03-13
Affected Systems:
Apple Safari <5.1.4 for Windows
Unaffected system:
Apple Safari 5.1.4 for Windows
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52423
Cve id: CVE-2012-0640
WebKit is an open-source browser engine with Gecko (the typographical engine used by Mozilla Firefox) and Trident (also known as MSHTML, the typographical engine used by IE ). WebKit is also the name of the Apple Mac OS x System engine Framework version. It is mainly used in Safari, Dashboard, Mail, and other Mac OS X programs.
WebKit has a security restriction bypass vulnerability when it is enabled in "Privacy Browser" mode. Attackers can exploit this vulnerability to bypass security restrictions through man-in-the-middle attacks.
<* Source: nshah
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.apple.com/