WebKit Security Restriction Bypass Vulnerability

Release date:
Updated on: 2012-05-10

Affected Systems:
Apple Safari 5.x
WebKit Open Source Project WebKit r82222
WebKit Open Source Project WebKit r77705
WebKit Open Source Project WebKit r52833
WebKit Open Source Project WebKit r52401
WebKit Open Source Project WebKit r51295
WebKit Open Source Project WebKit r38566
WebKit Open Source Project WebKit 1.2.X
WebKit Open Source Project WebKit 1.2.5
WebKit Open Source Project WebKit 1.2.3
WebKit Open Source Project WebKit 1.2.2-1
WebKit Open Source Project WebKit 1.2.2
Unaffected system:
Apple Safari 5.1.7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53446
Cve id: CVE-2012-0676

WebKit is an open-source browser engine with Gecko (the typographical engine used by Mozilla Firefox) and Trident (also known as MSHTML, the typographical engine used by IE ). WebKit is also the name of the Apple Mac OS x System engine Framework version. It is mainly used in Safari, Dashboard, Mail, and other Mac OS X programs.

WebKit has a security restriction bypass vulnerability, which allows a specially crafted website to be filled with another website with any value. Attackers can exploit this vulnerability to bypass security restrictions.

<* Source: Andreas Akre Solberg
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

WebKit Open Source Project
--------------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://webkit.org/