Homeland Security Warns About Latest Dangerous Apple Browser Bug
Apple's arrogant air when it comes to security has yet again come back to bite it. This time Danish security research firm Secunia discovered yet another vulnerability in the web browser Safari, which they billed as "highly critical" -- their most serious rating.

Secondary confirmation of the bug came from the United States Computer Emergency Readiness Team (US-CERT) (part of the U.S. Department of Homeland Security), which issued an advisory after Polish researcher Krystian Kloskowski disclosed the bug on Friday.

The bug exploits Apple's poor implementation of code that handles the browser's parent windows. According to Secunia, "This can be exploited to execute arbitrary code when a user visits a specially-crafted Web page and closes opened pop-up windows."

US-CERT adds that HTML email opened in webmail services such as Gmail or Windows Live Hotmail may also exploit the flaw. By compromising the operating system, hackers are free to log user information (such as credit cards or personal contacts) and install malware to accomplish a host of evils.

The flaw works in Windows 7 on the latest version of Safari 4 (4.0.5). "Other versions may also be affected" according to US-CERT -- so OS X users of Safari aren't off the hook yet. Charlie Miller, noted Mac hacker and security expert, was not available to verify whether the bug existed in OS X. He's on vacation after hacking Safari and earning $10,000 in loot in March at the Pwn2Own contest.

Miller has stated that Macs and Apple software are often easier to hack than PCs and Windows software. Overall there's been relatively little interest in hacking Macs or Apple products, but what little attention there has been has revealed a host of security flaws. Apple patched 16 flaws in Safari in mid-March -- including 10 that affected OS X. Miller's exploit was among those flaws fixed.

Apple is keeping quiet on the latest danger to its customers -- its usual response to such security dangers. Security experts at US-CERT and Secunia are providing Safari users with some sound advice for now at least -- don't open untrusted HTML emails, and disable JavaScript except on trusted sites.

Many security experts have criticized Apple's lax stance on security and poorly implemented products. Charlie Miller states, "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."

Or as Mac researcher Dino Dai Zovi once put it, "There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun."

Source-DailyTech