Apple’s Safari Found to be Flawed for Windows Browser
According to Security Researcher, Juan Pablo Lopez Yacubian from Argentina, flaws in Apple's Safari for Windows browser could be exploited to allow hackers to take control of an affected computer, as reported by Webusers on March 25, 2008.
Lopez Yacubian showed that the vulnerabilities most seriously influence the Safari browser for Windows 3.1 allowing hackers to spoof a Web address in order to add some different content or another page. This implies that even when users find a trusted URL in the address bar of the browser, the site could be showing unauthorized content causing the computer to be at risk.
According to the researcher, by exploiting the vulnerability, it is possible to cause a corruption in the memory. Further, the exploitation could allow running an arbitrary code. Secunia, the security firm, has rated the flaws as "highly critical" the second highest security rating on the company's scale.
Another flaw that the researcher reported relates to a fault that shows up when files with too long a name is downloaded. This fault could be exploited leading to corruption in the memory, which could allow acquiring remote control of the affected computer. A fault in the manner of handling Windows could be exploited so that arbitrary content is displayed even though the URL of a reliable site appears on the address bar. Patches for the problems haven't been still found.
Further, the flaws have been discovered after Mozilla, the creators of the Firefox browser, criticized the adding of Safari browser to an Apple software update for users of iTunes on PCs, running Windows.
Chief Executive, John Lilly, Mozilla said that forcing people to use the browser was not right for those who only looking for updating iTunes. This way the trust that customers develop for known companies is undermined. This is bad not only for Apple but even for the entire Web's security, as reported by Webuser on March 25, 2008.
Rich Mogull, Founder of Securosis, a consultancy firm, said that efforts of Apple to create increased marketing volume for Safari could act to be deceptive, as reported by SCMagazine on March 25, 2008.
Related article: Apple Patches QuickTime 13 Month Old Flaw
» SPAMfighter News - 31-03-2008