Highly critical Safari vulnerability published

Secunia last week published a new vulnerability affecting Apple’s desktop Safari browser. The vulnerability can be exploited by malicious users to execute arbitrary code on the system and is rated “highly critical”.

The security research company found the exploit to grant system-level access when a user “visits a specially crafted web page and closes opened pop-up windows”. Affected versions include Safari 4.0.5 for Windows, though other versions and operating systems might also be affected.

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.

Secunia credits Krystian Kloskowski with the discovery and advises users to refrain from visiting untrusted web sites or links until Apple provides an update.

Apple’s Safari internet browser is available for both Mac and PC. Safari 4 added many new features including Top Sites, Cover Flow, Full History Search, a new JavaScript ‘Nitro’ engine, new developer tools, and a brand new interface for Windows users.


56 Comments


protocol7 said,
Well, Steve was right. Cross-compiling does produce substandard apps.

no, Apple just doesn't know how to write Apps for other platforms. Firefox seems to be doing really well on Windows/OSX/Linux.

If it is done right and if the support is good, an app can be written for all platforms.

techbeck said,

no, Apple just doesn't know how to write Apps for other platforms. Firefox seems to be doing really well on Windows/OSX/Linux.

If it is done right and if the support is good, an app can be written for all platforms.

+1

what about itunes and quicktime?!

Heartripper said,

+1

what about itunes and quicktime?!

itunes and quicktime are both a joke and never worked well on Windows...at least not any of the times I tried them.

And does anyone even use QT anymore? I never even install it these days.

techbeck said,

itunes and quicktime are both a joke and never worked well on Windows...at least not any of the times I tried them.

And does anyone even use QT anymore? I never even install it these days.


I think nobody would use it anymore.... but it's bundled with itunes which is quite used thanks to ipod. Moreover QT is suggested by firefox to play mp3's such as the pop of FB's chat. Thank God VLC exists!

If someone is trolling MS news that doesn't mean that you have to troll Apple news, unless.. of course you are a troll...

Timan said,

Yep, any bit of anti-apple news to feed the trolls

I find it curious that when Microsoft vulnerabilities are made public, it seems to be ok to bash Microsoft. Yet when Apple vulnerabilities are announced, anybody who bashes Apple is labelled a "troll".

Yep, very curious indeed.

TCLN Ryster said,

I find it curious that when Microsoft vulnerabilities are made public, it seems to be ok to bash Microsoft. Yet when Apple vulnerabilities are announced, anybody who bashes Apple is labelled a "troll".

Yep, very curious indeed.

Read the definition of a Troll. If all you are doing is bitching/moaning....spewing insults...trying to cause issues...then you are a troll. If you bring substance and offer good info to a post...then you are not a troll.

TCLN Ryster said,

I find it curious that when Microsoft vulnerabilities are made public, it seems to be ok to bash Microsoft. Yet when Apple vulnerabilities are announced, anybody who bashes Apple is labelled a "troll".

Yep, very curious indeed.

When was the last time someone trolled a Microsoft security update, I think the tech people on the site realise that all browsers, OS's and software have security vulnerabilities regardless.

REM2000 said,

When was the last time someone trolled a Microsoft security update, I think the tech people on the site realise that all browsers, OS's and software have security vulnerabilities regardless.

I see this excuse used on every Apple topic, but I don't really see it.

AgentGray said,
how's teasing Apple (who are arrogant with its security) trolling for this.

Look, I'm no fan of Apple by far, but these jokes with their slogan or sayings come out each and every damn time they have a security related issue, hence the sarcasm as I said "clever". My point I guess is this: if you're going to come into every thread about Apple security, at least come with some fresh material.

Edited by dead.cell, May 10 2010, 8:39pm :

how long till Apple fixes it.... oh I forgot they will blame something else for their mistakes then after a while they will silently fix the issue but for a cost I would imagine.

soldier1st said,
how long till Apple fixes it.... oh I forgot they will blame something else for their mistakes then after a while they will silently fix the issue but for a cost I would imagine.

Of course it will be for a cost. Don't you have your account set aside for those times that Apple releases security updates?

soldier1st said,
how long till Apple fixes it.... oh I forgot they will blame something else for their mistakes then after a while they will silently fix the issue but for a cost I would imagine.

-1
You fail at trolling. At least the other trolls use a bit of truth behind their comments. Apple has never charged for security updates.

soldier1st said,
how long till Apple fixes it.... oh I forgot they will blame something else for their mistakes then after a while they will silently fix the issue but for a cost I would imagine.

Apple has blamed others for their mistakes....that's no secret. However, they never charged for bug fixes as far as I am aware of.

SputnikGamer said,
Apple has never charged for security updates.
That's not quite true either. Apple effectively does charge for security updates by terminating software support very quickly.


- Didn't see the point in buying Leopard and stayed with Tiger? No security updates. This actually begs a different question about what happened to people running Tiger using a PowerPC chip (non-Intel, and thus not eligible for Snow Leopard). I don't even know where to buy plain Leopard.
- Didn't feel like upgrading from iPhone OS 2 to iPhone OS 3 (on your iPod touch) for a $10 fee. No security updates. The same happened with iPhone OS 1 to iPhone OS 2, and will happen for iPhone OS 4.


Now, I say this as a Mac and PC owner with a first generation iPod touch, iPhone 3GS and Zune HD. I like their hardware, but I am not drinking their software Koolaid.

@pickypg
Tiger still received security updates after Leopard was released. Leopard still receives security updates now Snow Leopard has been released...

swanlee said,
It just works!!!!

so well that anyone can use your MAC even someone else hacking through safari

Use your MAC to do what? Send packets?

NeoTrunks said,

Use your MAC to do what? Send packets?

I use MAC address filtering (I know it's a horrible security feature but I'm just lazy)

NeoTrunks said,

Use your MAC to do what? Send packets?

No, that is an AirPort address. Rather than using standard industry names, Apple decided that they knew better and renamed it.

nohone said,

No, that is an AirPort address. Rather than using standard industry names, Apple decided that they knew better and renamed it.

That's not how it's labeled on my Mac.

NeoTrunks said,

That's not how it's labeled on my Mac.

I don't have my Mac with me now, but if you open up the network settings they have it labeled as Airport Address. When I got my Mac, a Mini about 3 years ago, it took me forever to find what the MAC address was because I use filtering in my router. Finally, I realized that MAC Address was, in the UI, Airport Address.

nohone said,

I don't have my Mac with me now, but if you open up the network settings they have it labeled as Airport Address. When I got my Mac, a Mini about 3 years ago, it took me forever to find what the MAC address was because I use filtering in my router. Finally, I realized that MAC Address was, in the UI, Airport Address.

Odd. The only place I can find any mention of what your MAC address is in the Network Utility. And it is labeled as Hardware Address. Three years ago, you must have had Tiger, I assume. I can't imagine anything like this has changed. Whenever I needed to know something like this, when I first got my Mac, I'd just use ifconfig in the terminal. Network Utility does the trick though.

I found what you meant: The Airport ID. Probably something to do with the configuration of one of their Airport routers. I don't actually have one, though.

Edited by NeoTrunks, May 10 2010, 7:37pm : Correction

NeoTrunks said,

Odd. The only place I can find any mention of what your MAC address is in the Network Utility. And it is labeled as Hardware Address. Three years ago, you must have had Tiger, I assume. I can't imagine anything like this has changed. Whenever I needed to know something like this, when I first got my Mac, I'd just use ifconfig in the terminal. Network Utility does the trick though.

I found what you meant: The Airport ID. Probably something to do with the configuration of one of their Airport routers. I don't actually have one, though.

I have Leopard, and have not upgraded to Snow Leopard yet. I do not have an Airport router, either. I just always assumed that they named it Airport Address/ID to lessen the confusion of someone asking "What is your MAC address", and confusing the hell out of a new Mac user.

dimithrak said,
Good thing I use Chrome

Chrome not affected even though it uses the same base for rendering HTML?

"...advises users to refrain from visiting untrusted web sites or links until Apple provides an update..."
So it's okay to visit untrusted websites after this patch is issued? /sigh

Xenosion said,
"...advises users to refrain from visiting untrusted web sites or links until Apple provides an update..."
So it's okay to visit untrusted websites after this patch is issued? /sigh

Untrusted doesn't exactly mean bad, but just that... you don't trust them quite just yet? I mean, any search you perform on Google, Bing, etc. is going to lead you to a site that you can't exactly be sure of before hand. Even then, it isn't uncommon for a trusted site to have a rogue ad which screws things up for them.

Xenosion said,
"...advises users to refrain from visiting untrusted web sites or links until Apple provides an update..."
So it's okay to visit untrusted websites after this patch is issued? /sigh

Users are advised to visit untrusted, malicious, & harmful web sites after Apple provides an update...

dead.cell said,

Untrusted doesn't exactly mean bad, but just that... you don't trust them quite just yet? I mean, any search you perform on Google, Bing, etc. is going to lead you to a site that you can't exactly be sure of before hand. Even then, it isn't uncommon for a trusted site to have a rogue ad which screws things up for them.

To me, it's just a bad choice of words.

dead.cell said,
*watches to see how long it takes before "It just works" comment is posted*

It just works. Like crap.

dead.cell said,
*watches to see how long it takes before "It just works" comment is posted*

I was thinking the exact same thing. I wonder if this also affects the Mac and iPhone versions as well.

NeoTrunks said,

I was thinking the exact same thing. I wonder if this also affects the Mac and iPhone versions as well.

I doubt it. The code for handling windows would be different. Kind of odd that the screenshot is of Safari on Mac.

crazyfish said,

I doubt it. The code for handling windows would be different. Kind of odd that the screenshot is of Safari on Mac.

you're wrong
according to secunia :
"The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. "

it's a flaw in the javascript engine, not in the OS specific windowing system
chances are high that this flaw also exists on OSX, but the proof of concept has been developed only on windows

dead.cell said,
*watches to see how long it takes before "It just works" comment is posted*

Far longer time than it takes for someone to ask how long it takes before "it just works" is posted, I assure you.

link8506 said,

you're wrong
according to secunia :
"The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. "

it's a flaw in the javascript engine, not in the OS specific windowing system
chances are high that this flaw also exists on OSX, but the proof of concept has been developed only on windows


you sir are right

dead.cell said,
*watches to see how long it takes before "It just works" comment is posted*

When Apple says "it just works", they really mean "it just works" - i.e. it barely works...