The host is running Apple Saferi and is prone to multiple vulnerabilities.

Successful exploitation could allow remote attackers to send a malformed CSS stylesheet tag containing an overly long string, which leads to application crash or possibly execute arbitrary code on the system. Impact Level: System/Application

Upgrade to Apple Saferi 5.0 or later, For updates refer to http://support.apple.com/downloads

The flaws are cuased by, - Error in the 'CSSSelector()' function when handling CSS stylesheet tag containing an overly long string. - Improper bounds checking by the 'WebKit' library when processing CSS stylesheet tag containing an overly long string. - Use-after-free error when handling of a deleted window object, allows attackers to execute arbitrary code by using 'window.open' to create a popup window for a crafted HTML document, and then calling the parent window&qts close method. - Includes HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain.

Apple Saferi version 4.0.5 and lower

• http://secunia.com/advisories/39670
• http://securitytracker.com/alerts/2010/May/1023958.html
• http://www.exploit-db.com/exploits/11567
• http://www.vupen.com/english/advisories/2010/1097
• http://xforce.iss.net/xforce/xfdb/56524
• http://xforce.iss.net/xforce/xfdb/56527

---

Updated on 2015-03-25