Flaws surface in Safari for Windows

Security researchers began picking holes in Apple's Safari for Windows within hours of its beta release.

Thor Larholm, a self-described "pretty ordinary guy from a small town in Denmark who enjoys hacking" came up with an exploit that takes advantage of the way protocol handlers work in Windows. (When a link specifies a protocol that the browser does not support, protocol handlers allow it to pass on the request to another program.)

The beta version of Safari for Windows does not adequately validate such links within IFRAMEs in web pages, allowing a malicious page to take advantage of the way applications such as Firefox handle requests from protocol handlers.

Aviv Raff noted a crash due to memory corruption that "might be exploitable", though that is a long way short of actually coming up with an exploit.

The most prolific vulnerability hunter so far seems to be David Maynor, CTO of Errata Security, who reports finding six exploitable bugs in one afternoon and claims to have "weaponized" one of them.

Four of the bugs merely cause Safari to crash, but two are said to allow remote code execution.

As you might expect, there is reportedly a lot of common code between the Mac and Windows versions of Safari, and consequently at least some of the issues relate to both versions.

Maynor wrote in the Errata Security blog "the bugs I discovered work on the currently shipping Safari browser on OSX and can be made uber reliable due to the lack of OSX security features."

Errata has a policy of not notifying Apple when it discovers vulnerabilities in that company's software, following what it saw as an attack on Maynor's credibility by Apple following his disclosure of flaws in Wi-Fi software, including some running on Macs.

"Apple successfully exploited the lack of details to attack his credibility in order to cover their own asses," wrote Errata's CEO Robert Graham in the corporate blog.

"We definitely expect in-the-wild usage to follow in the future, as well as the discovery of more vulnerabilities," warned Symantec security response engineer Eric Chien. "Hopefully many of these bugs will be scrubbed before the official release," he added.