CyberInsecure.com

Daily cyber threats and internet security news alerts
March 25th, 2008

Apple Safari For Windows Critical Vulnerabilities

Two new highly critical security advisories have been issued for Apple’s new Safari 3.1 Windows browser.

Juan Pablo Lopez Yacubian has discovered and provided two vulnerabilities in Safari, which can be exploited by malicious users to conduct spoofing attacks or potentially compromise a remote system.

1) An error when downloading, for example, a .ZIP file with an overly long filename can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.

2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected.

Temporal Solution: Do not browse untrusted web sites.

Solution Status:  UNPATCHED

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • Facebook
  • LinkedIn
More on CyberInsecure:
  • Apple Patches Multiple Vulnerabilities In Safari 3.1.1
  • Apple’s Safari Downloads Websites Resources Without Asking For Permission
  • Basic Flaws Allow Phishing And Spamming Vulnerabilities In iPhone
  • Apple QuickTime Multiple Remote Vulnerabilities
  • Microsoft Alerts Users Not To Use Safari Due To Carpet Bombing Vulnerability

    • Posted in Vulnerabilities | Print This Post Print This Post

    This entry was posted on Tuesday, March 25th, 2008 at 3:19 pm and is filed under Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Apple Safari For Windows Critical Vulnerabilities

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word

    « « CA BrightStor Users Under Attack
    Nine Out Of Ten Websites Are Vulnerable To Attack » »