Apple’s Safari Detected With ‘Highly Critical’ Zero-Day Vulnerability

Secunia, a software security services provider based in Copenhagen, Denmark, is warning of a security flaw in Apple's web browser, Safari, that can be exploited to expose sensitive information or to gain control of an end-user's PC.

The discoverer of the flaw, Krystian Kloskowski, a Polish security researcher, describes it as a zero-day vulnerability that can result in drive-by malware downloads through Safari. Infosecurity.com published this on May 10, 2010.

Reportedly, the flaw stems from an error in the way parent windows are handled, which can lead to a function being called through an invalid pointer. By exploiting this flaw, arbitrary code can be run if an end-user is made to open a maliciously designed website and to close all the pop-up windows.

Commenting on this, US-CERT (US Computer Emergency Readiness Team) stated on May 10, 2010 that cybercriminals could exploit the vulnerability through a booby-trapped e-mail that is read through Safari. The vulnerability has been proven to affect version 4.0.5 for Windows as well as the most recent Mac version.

Peter James of Mac security provider Intego said that Safari's Mac version was very likely to be vulnerable to the new exploit. That is because the two applications share a large proportion of their code base, James explained. Infosecurity.com reported this on May 10, 2010.

Furthermore, according to US-CERT, an HTML e-mail viewed inside Windows Live Hotmail or Gmail may also be used to abuse this vulnerability. If hackers take over the system's operating software, they can freely access the end-user's credit card credentials or use the addresses of his contacts. These hackers can also deploy malicious software and pursue various other malicious objectives.

Hence, US-CERT recommends that people using Safari's Windows version disable JavaScript to remain protected, albeit only provisionally.

Meanwhile, Secunia has given this new vulnerability a "highly critical" rating, which is the second most severe risk ranking on the firm's 5-tier severity scale.

Incidentally, Apple has had flaws in Safari before. It last updated Safari in mid-March 2010, when it patched 16 vulnerabilities, 6 of which related to the browser's Windows version.

» SPAMfighter News - 19-05-2010