Opera Software has released Opera 12.12 for Mac OS X, fixing two vulnerabilities that include one critical flaw and a low severity issue. The recommended upgrade offers general improvements and stability enhancements in addition to security fixes. Opera Software fixed a critical issue related to arbitrary code execution, where specifically crafted GIF image files can cause Opera to allocate the wrong amount of memory, and resolved a low severity bug that would allow Opera’s browser address field to display an incorrect address for the page that is currently being displayed. A third issue affecting UNIX-only was fixed as well, where private data could be disclosed to other computers, or be modified by them.
Opera Software disclosed further information about the two vulnerabilities affecting OS X, a critical flaw and a low severity issue, fixed in this browser upgrade. Details of the two bug fixes, from Opera’s security advisory, are as follows:
Malformed GIF images could allow execution of arbitrary code:
When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code.
Repeated attempts to access a target site can trigger address field spoofing:
The browser address field should always show the correct address for the page that is currently being displayed. By making repeated requests to load a target site in rapid succession, an attacking web site can cause Opera to display the target sites address while the attacking page is still being displayed. During such an attempt, the page loading icon may constantly flicker, indicating that the target page is attempting to load.
Users can update the software using the program’s built-in updater (choose Opera > Check for Updates), through its auto-updater (this can be turned on in Preferences > Advanced > Security), or from the Opera website.