Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"I too have been a labor voter for many years and will not be voting for them again. The ..."
on Net filter legislation to go public by March
by maxt | Feb 9, 2010 7:56 PM
 
"I’ve just had a user receive a rehashed version of this with an attached html file containing a ..."
on ATO struck by new phishing scam
by Owen Lutz | Feb 9, 2010 6:01 PM
 
"hi"
on Chinese hacker school shut down
by manish kumar | Feb 9, 2010 4:27 PM
 
"Hey 'hey con-roy' ... from Google Australia's head of policy Iarla Flynn"We don't believe that ..."
on Conroy meets with Google for YouTube filtering
by Keep it real | Feb 9, 2010 3:33 PM
 
"@penno Off-site storage is a good solution unless you have some decent backup software to ..."
on Opinion: My holiday tip - backup your data now
by Charmgene | Feb 9, 2010 2:36 PM
Web

More Safari bugs found after Windows release

  • Email a Friend
  • Print Page
More Safari bugs found after Windows release
Related Articles
By Frank Washkuch
Jun 14, 2007 7:33 AM
Tags: Researchers | find | Safari | bugs | just | hours | after | Windows | release
Bug hunters have claimed numerous flaws in Apple's Safari web browser just hours after its release for Windows.
Less than a full day after Safari version 3 beta was released for Windows and Mac, researcher Thor Larholm revealed a "fully functional command execution vulnerability, triggered without user interaction simply by visiting a website."

Larholm released proof-of-concept code for the flaw on his website today.

"Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted toward this new Windows browser," Larholm said on his website today.

David Maynor, founder and CTO of Errata Security, said on Monday on the company’s blog that researchers found a number of bugs in the beta that also work for the OS X version.

"I’d like to note that we found a total of six bugs in an afternoon, four DoS and two remote code execution bugs. We have weaponised one of those to be reliable and it’s different than what [Larholm] has found.

I can’t speak for anybody else, but the bugs found in the beta copy of Safari on Windows work on the production copy of OS X as well (same code base for a lot of stuff)," he said. "The exploit is robust, mostly thanks to the lack of any kind of advanced security features in OS X."

Tim Erlin, vulnerability and exposure manager at nCircle, told SCMagazine.com that vendors who stress security face additional scrutiny from hackers, even if their products are in beta.

"This is interesting because you have to wonder whether it was intentional on Apple’s part. If you release a beta, you expect [vulnerabilities] to be found, and that way you get them taken care of before the actual release," he said.

"I think that [a hackers'] target tends to move to whoever has most recently made declarations of secure development. That was the case when Microsoft announced major security enhancements in Vista."

An Apple representative could not be reached for comment.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
apple bugs firefox flaw flaws google iphone january kernel lowrisk microsoft mozilla office patch patches patching researchers security update windows