Critical Apple Safari Security Vulnerability Affects Windows PCs

 
 
By Brian Prince  |  Posted 2010-05-10 Email Print this article Print
 
 
 
 
 
 
 

A critical security flaw in Apple's Safari browser leaves Windows PCs open to attacks. Exploit code is publicly available, and US-CERT is advising users to avoid suspicious links and consider disabling JavaScript.

A security researcher has uncovered a critical bug affecting Apple Safari that could be exploited to run malicious code on Windows computers.

The discovery of the flaw is credited to researcher Krystian Kloskowski. According to an advisory from Danish security firm Secunia, the vulnerability is due to an error in the handling of parent Windows and can result in a function call using an invalid pointer.

"This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows," Secunia wrote in its advisory. "The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected."

US-CERT warned that exploit code for the vulnerability is publicly available and that, by persuading a victim to view an HTML document such as a Web page or e-mail attachment in Apple Safari, an attacker could run arbitrary code with the privileges of the user. Users should avoid unsolicited links in e-mails, instant messages, Web forums or Internet relay chat channels, according to US-CERT.

Anyone concerned about the vulnerability can disable JavaScript in Safari until a fix is available, though many Websites require JavaScript to operate properly.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel