A security researcher has uncovered a critical bug affecting
Apple Safari that could be exploited to run malicious code on Windows
The discovery of the flaw is credited to researcher Krystian
Kloskowski. According to an advisory from Danish security firm Secunia
the vulnerability is due to an error in the handling of parent Windows and can
result in a function call using an invalid pointer.
"This can be exploited to execute arbitrary code when a user e.g. visits a
specially crafted web page and closes opened pop-up windows," Secunia wrote in
its advisory. "The vulnerability is confirmed in Safari version 4.0.5 for
Windows. Other versions may also be affected."
exploit code for the vulnerability is publicly available and that, by persuading
a victim to view an HTML document such as a Web page or e-mail attachment in
Apple Safari, an attacker could run arbitrary code with the privileges of the
user. Users should avoid unsolicited links in e-mails, instant messages, Web
forums or Internet relay chat channels, according to US-CERT.
Anyone concerned about the vulnerability can disable
in Safari until a fix is available, though many Websites require