Page 1 of 2 12 LastLast
Results 1 to 20 of 31

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Another Zero-Day Hole Found in Safari

  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default Another Zero-Day Hole Found in Safari


    Safari 4.0.5 has what researchers are calling a "highly critical" vulnerability that can potentially allow a hacker to install malware on Windows PCs. Analysts from Secunia, the security service provider from Denmark, believe that the same hole could exist on the Mac version as well, but this has not yet been confirmed. As yet there have been no known attacks in the wild exploiting the vulnerability.

    The zero-day hole involves a bug in the way Safari handles parent windows that would allow an attacker "to execute arbitrary code when a user visits a specially-crafted webpage and closes opened pop-up windows," Secunia's advisory reads. The US government's Computer Emergency Readiness Team (CERT) confirmed the vulnerability, and additionally notes that the hole can be exploited by HTML mail that's read using Safari, putting users of services like Gmail and Hotmail at risk. The US CERT warns that "exploit code for this vulnerability is publicly available."

    Polish researcher Krystian Koskowski discovered the hole, and executed a proof-of-concept hack in Secunia's labs. The firm gives the vulnerability "highly critical," the second-highest rating on its five-level scale.

    Apple has not commented on the reports, though they have been notified by Secunia and are likely getting a lot of attention from the cybersecurity guys at the US Department of Homeland Security. Until a patch is released, users are advised to disable JavaScript in the "Security" tab of Safari's preferences screen, and to never authenticate to sites that use HTTP basic authentication redirect you to a different domain.

  2. The Following User Says Thank You to Paul Daniel Ash For This Useful Post:

    triniflavaforya (05-11-2010)

  3. #2
    Never liked nor use Safari anyways, so not breaking a sweat...
    Last edited by iLaw-One; 05-11-2010 at 04:30 PM.

  4. #3
    iPhone? More like MyPhone ROFLwaffle's Avatar
    Join Date
    Nov 2009
    Location
    Mineral Wells, Texas
    Posts
    156
    Thanks
    53
    Thanked 26 Times in 19 Posts

    I use Google Chrome.

  5. #4
    Really?? Safari for Windows? Who in the world uses THAT combo?

  6. #5
    If im ever on a pc, yeah. But im always pon di mac.

    If im ever on a pc, yeah. But mi always pon di mac.
    Last edited by Count Tracula; 05-11-2010 at 04:46 PM. Reason: Automerged Doublepost

  7. #6
    pon di river pon di mac
    [IMG]http://img829.imageshack.us/img829/9703/modu.gif[/IMG]

  8. #7
    I had no new updates : / What's up with that?
    My Devices:

    iPod Touch 4g 4.1 - Jailbroken
    iPad 4.2.1 - Jailbroken

  9. #8
    iPhoneaholic
    Join Date
    Jul 2009
    Location
    Bellevue, WA
    Posts
    438
    Thanks
    43
    Thanked 46 Times in 41 Posts

    Because Apple has pretty bad response time to issues like this.

    The last zero day security risk was left open for almost a month before being patched.

  10. #9
    Chrome FTW

  11. #10
    good thing im using firefox

  12. #11
    CHUCK-TASTIC battlecrushr's Avatar
    Join Date
    Jun 2009
    Location
    Houston follow @al_da_beast
    Posts
    7,940
    Thanks
    273
    Thanked 1,034 Times in 956 Posts

    Quote Originally Posted by Amadomon View Post
    Really?? Safari for Windows? Who in the world uses THAT combo?
    i do
    and its fast




    Please know we are praying Kyle (poetic_folly) and Robyn Matthews for your little one.
    You too blkcadi
    Thank You.

  13. #12
    I'm loving the pictures on the recent news posts. Seems like the quality of reporting has gone up as well. Thanks guys.

  14. #13
    Quote Originally Posted by battlecrushr View Post
    i do
    and its fast
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    Last edited by lolcats1; 05-11-2010 at 06:32 PM. Reason: Automerged Doublepost

  15. The Following 2 Users Say Thank You to lolcats1 For This Useful Post:

    mortopher (05-11-2010), Success.Is.Sweet (05-11-2010)

  16. #14
    Why would someone ever use Safari on Windows? I have Google Chrome.

  17. #15
    Livin the iPhone Life adp's Avatar
    Join Date
    Jan 2009
    Location
    South FL
    Posts
    1,789
    Thanks
    32
    Thanked 460 Times in 321 Posts

    Quote Originally Posted by lolcats1 View Post
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    Holy crap I LOL'd my *** off with that pic
    If I helped you out, please use the Thanks button ------------------------->

  18. #16
    MMi's "X" Member awesomeSlayer's Avatar
    Join Date
    May 2008
    Location
    Dragonspiral Tower in 3DS
    Posts
    4,524
    Thanks
    114
    Thanked 347 Times in 259 Posts

    Quote Originally Posted by lolcats1 View Post
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    Holy crap! LOL!

    There's a FireFox for that.
    Asking for help is different from being stupid. Fanboys can rot in @#$%!

  19. #17
    use 2 ipads

    multitask

  20. #18
    intego just had an update yesterday. didnt specify though
    killall Terminal[]

  21. #19
    thats why i use firefox

  22. #20
    Quote Originally Posted by lolcats1 View Post
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    By far the funniest rage comic I've seen in a long time. Thank you sir.

Page 1 of 2 12 LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •