Vulnerabilities

WebKit in Apple Safari before 4.0 remote vulnerability (PC1-2009-1589)

Vulnerability chart	Risk level Low Medium High Extreme Severe Warning: security vulnerability level = severe 101 vulnerabilities(-y) found between 8 December, 2003 and 21 September, 2009. Safari is a web browser developed by Apple Inc. Apple Safari is the... more See also: Safari, The Apple Safari 1 files found: SAFARI.EXE... more Vulnerability exists in WebKit in Apple Safari before 4.0.
Remote Access Yes, patch is available Patch is easy to implement

Description:	This type of vulnerability enables remote attackers to gain sensitive information through vectors that include drag events and the dragging of content over a crafted web page.
Impact:	With the help of this type of vulnerability, information may be uncovered without any authorization.
Solution:	We recommend users to upgrade to the latest version of the software product (Apple Safari version 4).
References:	http://www.vupen.com/english/advisories/2009/1522 http://www.securityfocus.com/bid/35260 http://support.apple.com/kb/HT3613 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35379

CVSS Severity		CVSS Version 2 Metrics:
CVSS v2 Base Score:	7.1 (HIGH)	Access Vector:	N/A
Impact Subscore:	6.9	Access Complexity:	Medium
Exploitability Subscore:	8.6	Authentication:	Not required to exploit
		Impact Type:	Allows unauthorized disclosure of information