+ Reply
Page 1 of 2 12 LastLast
Results 1 to 20 of 31

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Another Zero-Day Hole Found in Safari

is a discussion within the

Mac News

forums, a part of the

General Apple/Mac

section;
Safari 4.0.5 has what researchers are calling a "highly critical" vulnerability that can potentially allow a hacker to install malware on Windows PCs. Analysts from Secunia, the security service provider
...
  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 996 Times in 401 Posts

    Default Another Zero-Day Hole Found in Safari


    Safari 4.0.5 has what researchers are calling a "highly critical" vulnerability that can potentially allow a hacker to install malware on Windows PCs. Analysts from Secunia, the security service provider from Denmark, believe that the same hole could exist on the Mac version as well, but this has not yet been confirmed. As yet there have been no known attacks in the wild exploiting the vulnerability.

    The zero-day hole involves a bug in the way Safari handles parent windows that would allow an attacker "to execute arbitrary code when a user visits a specially-crafted webpage and closes opened pop-up windows," Secunia's advisory reads. The US government's Computer Emergency Readiness Team (CERT) confirmed the vulnerability, and additionally notes that the hole can be exploited by HTML mail that's read using Safari, putting users of services like Gmail and Hotmail at risk. The US CERT warns that "exploit code for this vulnerability is publicly available."

    Polish researcher Krystian Koskowski discovered the hole, and executed a proof-of-concept hack in Secunia's labs. The firm gives the vulnerability "highly critical," the second-highest rating on its five-level scale.

    Apple has not commented on the reports, though they have been notified by Secunia and are likely getting a lot of attention from the cybersecurity guys at the US Department of Homeland Security. Until a patch is released, users are advised to disable JavaScript in the "Security" tab of Safari's preferences screen, and to never authenticate to sites that use HTTP basic authentication redirect you to a different domain.

  2. The Following User Says Thank You to Paul Daniel Ash For This Useful Post:

    triniflavaforya (05-11-2010)

  3. #2
    ALIENS ARE REAL iLaw-One's Avatar
    Join Date
    Oct 2009
    Location
    London
    Posts
    401
    Thanks
    10
    Thanked 46 Times in 41 Posts

    Never liked nor use Safari anyways, so not breaking a sweat...
    Last edited by iLaw-One; 05-11-2010 at 03:30 PM.

  4. #3
    iPhone? More like MyPhone ROFLwaffle's Avatar
    Join Date
    Nov 2009
    Location
    Mineral Wells, Texas
    Posts
    156
    Thanks
    53
    Thanked 26 Times in 19 Posts

    I use Google Chrome.

  5. #4
    iPhoneaholic Amadomon's Avatar
    Join Date
    Mar 2008
    Posts
    417
    Thanks
    9
    Thanked 37 Times in 33 Posts

    Really?? Safari for Windows? Who in the world uses THAT combo?

  6. #5
    Green Apple Count Tracula's Avatar
    Join Date
    Feb 2010
    Posts
    54
    Thanks
    1
    Thanked 1 Time in 1 Post
    If im ever on a pc, yeah. But im always pon di mac.

    If im ever on a pc, yeah. But mi always pon di mac.
    Last edited by Count Tracula; 05-11-2010 at 03:46 PM. Reason: Automerged Doublepost

  7. #6
    apatia z3r01's Avatar
    Join Date
    Jul 2007
    Location
    Brooklyn
    Posts
    5,696
    Thanks
    82
    Thanked 886 Times in 557 Posts

    pon di river pon di mac
    [IMG]http://img829.imageshack.us/img829/9703/modu.gif[/IMG]

  8. #7
    iPhone? More like MyPhone DisneyRicky's Avatar
    Join Date
    Aug 2009
    Posts
    222
    Thanks
    73
    Thanked 15 Times in 13 Posts

    I had no new updates : / What's up with that?
    My Devices:

    iPod Touch 4g 4.1 - Jailbroken
    iPad 4.2.1 - Jailbroken

  9. #8
    iPhoneaholic
    Join Date
    Jul 2009
    Location
    Bellevue, WA
    Posts
    438
    Thanks
    43
    Thanked 46 Times in 41 Posts

    Because Apple has pretty bad response time to issues like this.

    The last zero day security risk was left open for almost a month before being patched.

  10. #9
    Green Apple knguyen's Avatar
    Join Date
    Aug 2009
    Location
    Colorado
    Posts
    69
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Chrome FTW

  11. #10
    My iPhone is a Part of Me s1l3nt's Avatar
    Join Date
    Dec 2009
    Posts
    579
    Thanks
    177
    Thanked 102 Times in 96 Posts

    good thing im using firefox

  12. #11
    CHUCK-TASTIC battlecrushr's Avatar
    Join Date
    Jun 2009
    Location
    Houston follow @al_da_beast
    Posts
    7,940
    Thanks
    273
    Thanked 1,034 Times in 956 Posts

    Quote Originally Posted by Amadomon View Post
    Really?? Safari for Windows? Who in the world uses THAT combo?
    i do
    and its fast




    Please know we are praying Kyle (poetic_folly) and Robyn Matthews for your little one.
    You too blkcadi
    Thank You.

  13. #12
    iPhone? More like MyPhone
    Join Date
    Mar 2010
    Posts
    100
    Thanks
    38
    Thanked 22 Times in 14 Posts

    I'm loving the pictures on the recent news posts. Seems like the quality of reporting has gone up as well. Thanks guys.

  14. #13
    Livin the iPhone Life lolcats1's Avatar
    Join Date
    Dec 2009
    Posts
    1,069
    Thanks
    13
    Thanked 87 Times in 60 Posts

    Quote Originally Posted by battlecrushr View Post
    i do
    and its fast
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    Last edited by lolcats1; 05-11-2010 at 05:32 PM. Reason: Automerged Doublepost

  15. The Following 2 Users Say Thank You to lolcats1 For This Useful Post:

    mortopher (05-11-2010), Success.Is.Sweet (05-11-2010)

  16. #14
    What's Jailbreak?
    Join Date
    Sep 2009
    Posts
    14
    Thanks
    6
    Thanked 1 Time in 1 Post
    Why would someone ever use Safari on Windows? I have Google Chrome.

  17. #15
    adp
    adp is offline
    Livin the iPhone Life adp's Avatar
    Join Date
    Jan 2009
    Location
    South FL
    Posts
    1,789
    Thanks
    32
    Thanked 460 Times in 321 Posts

    Quote Originally Posted by lolcats1 View Post
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    Holy crap I LOL'd my *** off with that pic
    If I helped you out, please use the Thanks button ------------------------->

  18. #16
    MMi's "X" Member awesomeSlayer's Avatar
    Join Date
    May 2008
    Location
    Dragonspiral Tower in 3DS
    Posts
    4,524
    Thanks
    114
    Thanked 347 Times in 259 Posts

    Quote Originally Posted by lolcats1 View Post
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    Holy crap! LOL!

    There's a FireFox for that.
    Asking for help is different from being stupid. Fanboys can rot in @#$%!

  19. #17
    Livin the iPhone Life lolcats1's Avatar
    Join Date
    Dec 2009
    Posts
    1,069
    Thanks
    13
    Thanked 87 Times in 60 Posts

    use 2 ipads

    multitask

  20. #18
    Livin the iPhone Life rhekt's Avatar
    Join Date
    Jun 2009
    Posts
    1,294
    Thanks
    43
    Thanked 65 Times in 53 Posts

    intego just had an update yesterday. didnt specify though
    killall Terminal[]

  21. #19
    What's Jailbreak? ZmanGroup's Avatar
    Join Date
    Mar 2010
    Posts
    19
    Thanks
    1
    Thanked 1 Time in 1 Post
    thats why i use firefox

  22. #20
    iPhone? More like MyPhone
    Join Date
    Mar 2010
    Posts
    100
    Thanks
    38
    Thanked 22 Times in 14 Posts

    Quote Originally Posted by lolcats1 View Post
    a snail once sat on a turtle's shell...

    he said: "wheeeeee!"

    By far the funniest rage comic I've seen in a long time. Thank you sir.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts