Posts by: Robert Vamosi, CNET.com
Another flaw within Safari 3.0 for Windows beta
Robert Vamosi, CNET.com | Jun 15, 2007
Security researcher Robert Swiecki disclosed yesterday another vulnerability within the new Safari 3.0 for Windows beta, bringing the total of public vulnerabilities to nine. The latest flaw allows an attacker to steal a cookie. The flaw exists in the Javascript's window.setTimeout()implementation where the content the timer-triggered function is processed after window.location property is changed.
In response to other Safari 3.0 vulnerabilities, Apple released an updated version that addresses three of the nine public vulnerabilities.
Security researchers: Safari for Windows not so secure
Robert Vamosi, CNET.com | Jun 13, 2007
Within hours of Apple's public release of the beta for Safari 3.0 for Windows, three security researchers independently found holes within the new browser. Researcher Aviv Raff highlighted in a blog post the company's product statement, that reads: "Apple's engineers designed Safari to be secure from day one." Raff found a vulnerability, a memory corruption error that could allow an attacker to insert malicious code on a Windows machine, within three minutes using publicly available fuzzing tools.
 | ||||
| | | ||
| Related links Apple WWDC roundup here
Steve Job's keynote in full
Apple invites Windows users on Safari
Apple takes Safari to Windows and iPhone
| | ||
| |
||||
| | ||||
Security researcher David Maynor, posting on his Errata security blog, said he was also able to generate a memory corruption error "in no time." By the end of the day, he was able to generate a total of six bugs--four producing a denial of service (crash), and two capable of executing remote code.
Veteran security researcher Thor Larholm wrote in his blog that he found a "0day" vulnerability in Safari within two hours. The flaw exists in how Safari handles URL protocols within Windows, causing a denial of service (crash). Larholm has published an exploit to demonstrate the flaw.
All of the vulnerabilities were found on Windows machines; none of the researchers could say whether these flaws also existed on the Mac OS.
Crave is...
The name says it all. Crave is our blog about cool gadgets and other crushworthy stuff.
Drop us an email if you have tips or suggestions.
Crave for...
» Mobile Phones (2190)
» Digital Cameras (966)
» Notebooks (1222)
» PC & Peripherals (1297)
» Handhelds (581)
» Printers (79)
» Home AV (1131)
» Music & Play (884)
» Gadgets (1466)
» Future Tech (384)
» Green Tech (169)
» Lifestyle (151)
» Luxury (22)
» Home Appliances (57)
» Cars (98)
» Games and Gear (244)
» Software (90)
» Web (98)
Previously...
Hot Topics
What's Hot
apple apple inc. apple iphone apple ipod asia battery camera game google inc. iphone microsoft corp. microsoft windows mobile phone photograph singapore smart phone software sony corp. video
Copyright © 2009 CBS Interactive Inc. All rights reserved. Privacy Policy.
