Apple's Newly Patched WinSafari Springs New Leak

 
 
By Lisa Vaas  |  Posted 2007-06-17 Email Print this article Print
 
 
 
 
 
 
 

Security researcher Robert Swiecki has found yet another hole in WinSafari—this time in the newly patched 3.0.1 version that Apple hurried out in response to holes Swiecki and others found in the browser beta earlier last week.

This vulnerability can be exploited with a malicious Web site, where an attacker can fill in a victim's URL bar with whatever address he or she chooses. An attacker can also fill the client browser window with arbitrary content.

Swiecki tested the vulnerability on what he called the "shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2."

Another security researcher, Mark Senior, reported that he tested the vulnerability on OS X, Safari 2.0.4, OmniWeb 5.5.4, and Camino 1.0.3 but, although all "have different behaviors," none is vulnerable, he said.

Apple hadn't responded to requests for comment by the time this posted.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel