Shadown

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 Description: The issue allows remote attackers to execute arbitrary JavaScript code by placing it in an image file, due to CFNetwork misinterpreting downloaded image files as local HTML documents. Recommendations: For versions prior to 4.0, update to version 4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iPhone OS versions 1.0 through 2.1 iPhone OS for iPod touch versions 1.1 through 2.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory consumption and device reset, via a crafted TIFF image. **Recommendations** For Apple iPhone OS versions 1.0 through 2.1, update to a version outside of this range to resolve the issue. For iPhone OS for iPod touch versions 1.1 through 2.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider avoiding the use of crafted TIFF images until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mac OS X version 10.5.5 **Description** The issue is related to an unspecified vulnerability in Finder, which allows user-assisted attackers to cause a denial of service. This can be achieved by using a crafted Desktop file that generates an error when producing its icon, due to an error recovery issue. The result is a continuous termination and restart. **Recommendations** For Mac OS X version 10.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.5.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by utilizing a crafted PICT image. This crafted image triggers an out-of-bounds read. **Recommendations** For versions prior to 7.5.5, update to version 7.5.5 or later to resolve the issue.