WebKit contains a typecasting flaw in the 'RenderLayerBacking::startAnimation' function in WebCore/rendering/RenderLayerBacking.cpp when starting an accelerated transform animation on a renderer. With a specially crafted web page, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.

Upgrade to Apple Safari version 5.0.4 or higher, as it has been reported to address this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2011-0118 (see also: NVD)
• Secunia Advisory ID: 43582
• Related OSVDB ID: 71496 71497 71498 71499 71500 71501 71502 71503 71504 71505 71506 71507 71508 71509 71510 71512 71513 71514 71515 71516 71517 71518 71519 71520 71521 71522 71523 71524 71525 71526 71527 71528 71529 71530 71531 71532 71533 71534 71535 71536 71537 71538 71539 71540 71541 71542 71543 71544 71545 71546 71547
• Mail List Post: http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
  http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
  http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
• Vendor Specific Advisory URL: http://support.apple.com/kb/HT4554
• Vendor Specific News/Changelog Entry: http://support.apple.com/kb/HT4554
  http://support.apple.com/kb/HT4564
  http://support.apple.com/kb/HT4566
  https://bugs.meego.com/show_bug.cgi?id=14448
  https://bugs.webkit.org/show_bug.cgi?id=49197 [ Auth Req'd ]
  https://code.google.com/p/chromium/issues/detail?id=62296
• Vendor Specific Solution URL: http://trac.webkit.org/changeset/71642

• Abhishek Arya (Inferno) - Google Inc.