March 25th, 2008

Apple Safari For Windows Critical Vulnerabilities

Two new highly critical security advisories have been issued for Apple’s new Safari 3.1 Windows browser.

Juan Pablo Lopez Yacubian has discovered and reported two vulnerabilities in Safari, which can be exploited by malicious users to conduct spoofing attacks or potentially compromise a remote system.

1) An error when downloading, for example, a .ZIP file with an overly long filename can be exploited to cause memory corruption. Successful exploitation may allow execution of arbitrary code.

2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected.

Temporary Solution: Do not browse untrusted web sites.

Solution Status: UNPATCHED
