Microsoft Identified An Apple Bug

By markwolfe
in Back Page News

 Share

Recommended Posts

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted

Source: eFlux Media

Microsoft Corp. just issued a heads-up to its clients concerning the use of Apple Inc.?s Safari Web browser after several reports were presented about the occurrence of a rather dangerous system intrusion.

Apparently, a flaw found in Apple?s browser, known as the Safari bug, permits attackers to run unauthorized software on a victim?s computer and fill its desktop with potentially malicious executable files. The intrusion is also known as carpet bombing and the dangerous executables appear to users as normal Windows executables.

The flaw can lead to the complications presented earlier only combined with an unresolved bug in Internet Explorer. The IE bug has been reported to Microsoft more than a year ago and the connection with Apple?s flaw was discovered just last week.

Both the Safari and IE bugs "are moderate vulnerabilities that, combined, produce a critical flaw, which allows remote code execution," security researcher Aviv Raff told PCWorld.

Microsoft considers this to be a real threat to its users and issued a full security advisory three days ago, where it explained the vulnerability of the system and recommended all Windows users running the Safari browser to restrict its use until a safer version will be released by its developers or by Apple?s.

Apple already patched more than 17 vulnerabilities for the Windows Safari version and, surely, measures for identifying the mechanism?s full process and removing the bug will be taken as soon as possible.

According to Microsoft?s reports, the flaw affects all versions of Windows XP and Vista.

So, it seems that an Apple Safari bug can be used with an IE bug to cause a huge problem, if I read this right...

Link to comment
https://www.neowin.net/forum/topic/641045-microsoft-identified-an-apple-bug/
Share on other sites
Grand Master

markwolfe Veteran

Posted
  • Author
  • Veteran
Posted
Who uses that crap anyway on windows? everyone know OSX apps do not belong on windows.......

Oh... I am thinking some smaller web developers who want to check rendering in Safari, but haven't purchased an Apple PC.

Something along those lines?

ouch! for Apple fanboys :p
... combined with an unresolved bug in Internet Explorer. The IE bug has been reported to Microsoft more than a year ago
ouch for the Microsoft fanboys, too. ;)
Veteran

CelticWhisper

Posted
Posted

I normally use Firefox exclusively but I've been meaning to give Safari-Win32 a shot. I might hold off, though, now that this has surfaced. Safari's a nice enough browser on OSX but I'm always up for cross-platform testing.

Any word on when a fix is due out?

Grand Master

majortom1981

Posted
Posted

I refuse to use safari since its still being shoved down my throat. Every time quicktime wants to be updated by default it selects safri to install.

Why is it all sorts of lawsuits get brought up against microsoft for doing this but nobody says anything about apple doing it.

Grand Master

markwolfe Veteran

Posted
  • Author
  • Veteran
Posted
...

Why is it all sorts of lawsuits get brought up against microsoft for doing this but nobody says anything about apple doing it.

You are perfectly entitled to sue Apple for this, if you like. Maybe you can consult a lawyer specializing in this area of law, and see about starting a class-action lawsuit.

The lawyer can either get the ball rolling (especially if he sees fame and fortune in it!), or explain why it would not make a good valid lawsuit.

Grand Master

The Teej

Posted
Posted
Who uses that crap anyway on windows? everyone know OSX apps do not belong on windows.......

I use Safari on Vista, but it's really because I like to have the "main 4" (IE, Opera, FF, Safari) on my machine. I sometimes test websites, and this requires me to check it out on as many browsers as possible :p

Grand Master

zeroday

Posted
Posted
Oh... I am thinking some smaller web developers who want to check rendering in Safari, but haven't purchased an Apple PC.

Indeed.

The IE bug has been reported to Microsoft more than a year ago and the connection with Apple?s flaw was discovered just last week.

o.O, so if they fixed this one year old bug, this problem could have been potentially avoided? I blame MS more here then apple, but apple windows safari devs need a good smack for being lazy.

Grand Master

CPressland

Posted
Posted
Why dont they concentrate on fiding bugs in there own OS and programs rather than fidning flaw in there rivals.

Because that'd be a different team???? Do you think that the entire Apple Staff work on only one project at a time? And besides, there is only a handful of known bugs left in OS 10.5.3 now anyway.

This bug still exists in Internet Explorer should the right piece of Javascript be used.

Apple never said that Safari was secure, they said it was fast, I know because I only watched the WWDC07 podcast again the other day in anticipation for WWDC08

At current Firefox is probably the most secure browser, also very fast. Lets face facts, any browser is still better then Internet Explorer. I mean that thing still cant render PNGs properly and uses more then 500MB of memory at any given time.

Back on topic though I see no reason for Apple to fix this bug in a hurry. It's very minor and if you're messed about as a result of this bug then you're going on the wrong kind of websites anyway, Warez sites for example.

Collaborator

rtk

Posted
Posted (edited)
Apple never said that Safari was secure, they said it was fast, I know because I only watched the WWDC07 podcast again the other day in anticipation for WWDC08

They sure have, and continue to do so on their web page:

"Apple engineers designed Safari to be secure from day one."

It's very minor and if you're messed about as a result of this bug then you're going on the wrong kind of websites anyway, Warez sites for example.

If by minor, you mean major, I'd agree with you. Cross site vulnerabilities and infected ad networks can expose this on just about any site, not just pron or warez sites.

Edited by rtk
Experienced

thejohnnyq

Posted
Posted

Apple does make security claims, and has refuses to acknowledge issues like the type ahead security issue.

Here is a test, that i have preformed dozens of times, and it scares the hell of someone when they realize what they are seeing. This has been replicated on Safari under windows vista, xp, 2k8, 32 and 64 os, mac and now Ipod touch.

open safari browser and type in www. and wait for the address list to show. it will show addresses that have been hit from the ip address that is hitting the Internet. i have done this on several different locations and devices, and they all do this. I have just got a ipod touch and connected to the wap device and loaded safari, typed in w , over 57 web sites listed.

The only thing that i can find is that there is traffic to and from google address.

Try it and see.

Grand Master

markwolfe Veteran

Posted
  • Author
  • Veteran
Posted
...

At current Firefox is probably the most secure browser...

I don't use Opera, but from reviewing secunia advisories, and how many known items are open, from the "big 4", I would say Opera looks the best in that respect.
o.O, so if they fixed this one year old bug, this problem could have been potentially avoided? I blame MS more here then apple, but apple windows safari devs need a good smack for being lazy.
To be honest, neither bug was very serious on its own, from what the news item states. I guess the accolades for "customer focus" will go to whichever company fixes it first.
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.