  • Another Zero-Day Hole Found in Safari


    Safari 4.0.5 has what researchers are calling a "highly critical" vulnerability that can potentially allow a hacker to install malware on Windows PCs. Analysts from Secunia, the security service provider from Denmark, believe that the same hole could exist on the Mac version as well, but this has not yet been confirmed. As yet there have been no known attacks in the wild exploiting the vulnerability.

    The zero-day hole involves a bug in the way Safari handles parent windows that would allow an attacker "to execute arbitrary code when a user visits a specially-crafted webpage and closes opened pop-up windows," Secunia's advisory reads. The US government's Computer Emergency Readiness Team (CERT) confirmed the vulnerability, and additionally notes that the hole can be exploited by HTML mail that's read using Safari, putting users of services like Gmail and Hotmail at risk. The US CERT warns that "exploit code for this vulnerability is publicly available."

    Polish researcher Krystian Koskowski discovered the hole and executed a proof-of-concept hack in Secunia's labs. The firm rates the vulnerability "highly critical," the second-highest rating on its five-level scale.

    Apple has not commented on the reports, though they have been notified by Secunia and are likely getting a lot of attention from the cybersecurity guys at the US Department of Homeland Security. Until a patch is released, users are advised to disable JavaScript in the "Security" tab of Safari's preferences screen, and to never authenticate to sites that use HTTP basic authentication and redirect you to a different domain.
    This article was originally published in forum thread: Another Zero-Day Hole Found in Safari, started by Paul Daniel Ash.
    30 Comments
    1. cypherpunk -
      Wow, Apple are getting almost as bad as Microsoft for patching security issues. Sad, since there was a time they were pretty good on security.
      Then again, that works in our favor too. Remember, they took months to patch the blackra1n jailbreak.
    1. lolcats1 -
      Originally posted by cypherpunk:
      Wow, Apple are getting almost as bad as Microsoft for patching security issues.
      flip it 'round buddy. now you're a true red blooded amurican.
    1. tudtran -
      That's y I don't use safari. It's slow.

      Is google chrome still in beta phase for Mac?
    1. GenNove -
      people praise apple/mac. But in reality it's been known. Apple is less secure than windows in every aspect.
      OSX is nothing but gloss.

      The experience microsoft have with security is worth everything to a company. That's why microsoft is the top dog and apple plays like it is but if apple ruled the world we would not have the thousands of professions microsoft brought to the table.

      All hail google/microsoft for opening careers/jobs

      Apple is just a closed cult with no incentives to the world but their gadgets.

      The only real push was the app development but there they are so tight with their restrictions that
      anybody in the software industry is sick of Apple's antics
    1. moon#pie -
      Safari is the fastest cleanest browser for me. I don't need a bunch of addons that just make a browser run slower. I have not tried chime yet, but plan to do so soon.
    1. Kroo -
      Originally posted by GenNove:
      people praise apple/mac. But in reality it's been known. Apple is less secure than windows in every aspect.
      OSX is nothing but gloss.

      The experience microsoft have with security is worth everything to a company. That's why microsoft is the top dog and apple plays like it is but if apple ruled the world we would not have the thousands of professions microsoft brought to the table.

      All hail google/microsoft for opening careers/jobs

      Apple is just a closed cult with no incentives to the world but their gadgets.

      The only real push was the app development but there they are so tight with their restrictions that
      anybody in the software industry is sick of Apple's antics
      So why are you here????? Update douche, this is an Apple forum. Troll
    1. Enkidu -
      Instead of posting the same ol propaganda ******** arguments for or against Apple stuff, it'd be nice to actually read something about the issue at hand.

      Are there other workarounds than turning JavaScript off?
      Is the mac vulnerability confirmed?
      If Apple is slow to provide a patch, can't the community come up with one?

      "That's why I use Chrome/FireFox/IE..." has got to be the most stupid thing I read lately. Why are you morons even posting this?

      And like Kroo said, what the **** is wrong with you people whining about evil Apple on an Apple forum?!? Fools...

      Sorry mods, couldn't help myself ...
    1. Amadomon -
      Originally posted by battlecrushr:
      i do
      and its fast
      Try Chrome. It's faster.
    1. extremzocker -
      hope Apple manages to patch this soon...
    1. TheDirtyDiddler -
      Fuk'd!