Over the last two weeks, security researchers have reported eight different zero-day vulnerabilities in Apple’s Safari browser.
Details of these vulnerabilities, all rated “high risk,” have been sold to Tippingpoint’s Zero Day Initiative (ZDI), a program that purchases the rights to vulnerability information in exchange for exclusivity to broker fixes with affected vendors.
A high-risk rating is used to describe a vulnerability that could be exploited to launch remote code execution (drive-by download attacks).
All eight of the Safari vulnerabilities were reported by a researcher named “wushi” of team509. ZDI’s Upcoming Advisories page provides a basic listing of the vulnerabilities alongside a running count of the number of days it was number of days they were reported to Apple.
The page also lists outstanding flaws in software products offered by Adobe, Mozilla Firefox, Novell, Hewlett-Packard, Oracle, Microsoft and IBM.
TippingPoint ZDI is the sponsor of the annual CanSecWest Pwn2Own hacker contest, where the Safari browser is usually a very big (weak) target.