YOUR IT - Technology for you


Flaws surface in Safari for Windows


Security researchers began picking holes in Apple's Safari for Windows within hours of its beta release.

Thor Larholm, a self-described "pretty ordinary guy from a small town in Denmark who enjoys hacking" came up with an exploit that takes advantage of the way protocol handlers work in Windows. (When a link specifies a protocol that the browser does not support, protocol handlers allow it to pass on the request to another program.)

The beta version of Safari for Windows does not adequately validate such links within IFRAMEs in web pages, allowing a malicious page to take advantage of the way applications such as Firefox handle requests from protocol handlers.

Aviv Raff noted a crash due to memory corruption that "might be exploitable", though that is a long way short of actually coming up with an exploit.

The most prolific vulnerability hunter so far seems to be David Maynor, CTO of Errata Security, who reports finding six exploitable bugs in one afternoon and claims to have "weaponized" one of them.

Four of the bugs merely cause Safari to crash, but two are said to allow remote code execution.

As you might expect, there is reportedly a lot of common code between the Mac and Windows versions of Safari, and consequently at least some of the issues relate to both versions.

Maynor wrote in the Errata Security blog: "the bugs I discovered work on the currently shipping Safari browser on OSX and can be made uber reliable due to the lack of OSX security features."

Errata has a policy of not notifying Apple when it discovers vulnerabilities in that company's software, a stance it adopted after what it saw as an attack on Maynor's credibility by Apple following his disclosure of flaws in Wi-Fi software, including some running on Macs.

"Apple successfully exploited the lack of details to attack his credibility in order to cover their own asses," wrote Errata's CEO Robert Graham in the corporate blog.

"We definitely expect in-the-wild usage to follow in the future, as well as the discovery of more vulnerabilities," warned Symantec security response engineer Eric Chien. "Hopefully many of these bugs will be scrubbed before the official release," he added.

