• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Another Zero-Day Hole Found in Safari


    Safari 4.0.5 has what researchers are calling a "highly critical" vulnerability that can potentially allow a hacker to install malware on Windows PCs. Analysts from Secunia, the security service provider from Denmark, believe that the same hole could exist on the Mac version as well, but this has not yet been confirmed. As yet there have been no known attacks in the wild exploiting the vulnerability.

    The zero-day hole involves a bug in the way Safari handles parent windows that would allow an attacker "to execute arbitrary code when a user visits a specially-crafted webpage and closes opened pop-up windows," Secunia's advisory reads. The US government's Computer Emergency Readiness Team (CERT) confirmed the vulnerability, and additionally notes that the hole can be exploited by HTML mail that's read using Safari, putting users of services like Gmail and Hotmail at risk. The US CERT warns that "exploit code for this vulnerability is publicly available."

    Polish researcher Krystian Koskowski discovered the hole, and executed a proof-of-concept hack in Secunia's labs. The firm gives the vulnerability "highly critical," the second-highest rating on its five-level scale.

    Apple has not commented on the reports, though they have been notified by Secunia and are likely getting a lot of attention from the cybersecurity guys at the US Department of Homeland Security. Until a patch is released, users are advised to disable JavaScript in the "Security" tab of Safari's preferences screen, and to never authenticate to sites that use HTTP basic authentication redirect you to a different domain.
    This article was originally published in forum thread: Another Zero-Day Hole Found in Safari started by Paul Daniel Ash View original post
    Comments 30 Comments
    1. iLaw-One's Avatar
      iLaw-One -
      Never liked nor use Safari anyways, so not breaking a sweat...
    1. ROFLwaffle's Avatar
      ROFLwaffle -
      I use Google Chrome.
    1. Amadomon's Avatar
      Amadomon -
      Really?? Safari for Windows? Who in the world uses THAT combo?
    1. Count Tracula's Avatar
      Count Tracula -
      If im ever on a pc, yeah. But im always pon di mac.

      If im ever on a pc, yeah. But mi always pon di mac.
    1. z3r01's Avatar
      z3r01 -
      pon di river pon di mac
    1. DisneyRicky's Avatar
      DisneyRicky -
      I had no new updates : / What's up with that?
    1. TooSlo's Avatar
      TooSlo -
      Because Apple has pretty bad response time to issues like this.

      The last zero day security risk was left open for almost a month before being patched.
    1. knguyen's Avatar
      knguyen -
      Chrome FTW
    1. s1l3nt's Avatar
      s1l3nt -
      good thing im using firefox
    1. battlecrushr's Avatar
      battlecrushr -
      Quote Originally Posted by Amadomon View Post
      Really?? Safari for Windows? Who in the world uses THAT combo?
      i do
      and its fast
    1. Success.Is.Sweet's Avatar
      Success.Is.Sweet -
      I'm loving the pictures on the recent news posts. Seems like the quality of reporting has gone up as well. Thanks guys.
    1. lolcats1's Avatar
      lolcats1 -
      Quote Originally Posted by battlecrushr View Post
      i do
      and its fast
      a snail once sat on a turtle's shell...

      he said: "wheeeeee!"

    1. BOB of Boise's Avatar
      BOB of Boise -
      Why would someone ever use Safari on Windows? I have Google Chrome.
    1. adp's Avatar
      adp -
      Quote Originally Posted by lolcats1 View Post
      a snail once sat on a turtle's shell...

      he said: "wheeeeee!"

      Holy crap I LOL'd my *** off with that pic
    1. awesomeSlayer's Avatar
      awesomeSlayer -
      Quote Originally Posted by lolcats1 View Post
      a snail once sat on a turtle's shell...

      he said: "wheeeeee!"

      Holy crap! LOL!

      There's a FireFox for that.
    1. lolcats1's Avatar
      lolcats1 -
      use 2 ipads

      multitask
    1. rhekt's Avatar
      rhekt -
      intego just had an update yesterday. didnt specify though
    1. ZmanGroup's Avatar
      ZmanGroup -
      thats why i use firefox
    1. Success.Is.Sweet's Avatar
      Success.Is.Sweet -
      Quote Originally Posted by lolcats1 View Post
      a snail once sat on a turtle's shell...

      he said: "wheeeeee!"

      By far the funniest rage comic I've seen in a long time. Thank you sir.
    1. whereswaldo's Avatar
      whereswaldo -
      Quote Originally Posted by Amadomon View Post
      Really?? Safari for Windows? Who in the world uses THAT combo?
      i do