Summary
This host has Apple Safari Web Browser installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, and cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Safari version 4.0.3
http://www.apple.com/support/downloads
Insight
- An error in WebKit while parsing malicious floating point numbers can be exploited to cause buffer overflows.
- An unspecified error in the Top Sites feature can be exploited to place a malicious web site in the Top Sites view when a user visits a specially crafted web page.
- An incomplete blacklist vulnerability in WebKit can be exploited via unspecified homoglyphs.
- An error in WebKit in the handling of the 'pluginspage' attribute of the 'embed' element can be exploited to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
Affected
Apple Safari versions prior to 4.0.3.
Severity
Classification
CVE: CVE-2009-2195, CVE-2009-2196, CVE-2009-2199, CVE-2009-2200
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C