Apple Safari For Windows Critical Vulnerabilities

March 25th, 2008

Apple Safari For Windows Critical Vulnerabilities

Two new highly critical security advisories have been issued for Apple’s new Safari 3.1 Windows browser.

Juan Pablo Lopez Yacubian has discovered and provided two vulnerabilities in Safari, which can be exploited by malicious users to conduct spoofing attacks or potentially compromise a remote system.

1) An error when downloading, for example, a .ZIP file with an overly long filename can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.

2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected.

Temporal Solution: Do not browse untrusted web sites.

Solution Status: UNPATCHED

Share this item with others:

More on CyberInsecure:

Apple Patches Multiple Vulnerabilities In Safari 3.1.1

Privacy Flaw Found In Apple Safari RSS Reader

Mac OS X And Safari Vulnerabilities Patched By Apple In Security Update 2009-001

Apple Patch 67 Mac OS X And Safari Vulnerabilities

Apple Releases iOS 4.3 Security Update, Incompatible iPhone 3G Users Remain Unprotected

Posted in Vulnerabilities |

Print This Post

This entry was posted on Tuesday, March 25th, 2008 at 3:19 pm and is filed under Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: Apple Safari For Windows Critical Vulnerabilities

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.