April 23, 2008 10:01 AM PDT

Apple Safari vulnerable to multiple attacks

Safari users may be subject to crashes or interactions with an attacker's malicious site, according to a warning posted on Tuesday on BugTraq.

Researcher Juan Pablo Lopez Yacubian is credited with finding multiple vulnerabilities in Apple Safari 3.1.1 for Windows. Other versions of Safari may also be affected.

Among the vulnerabilities cited are a denial-of-service (crash) vulnerability caused by a write-access violation, a denial-of-service (crash) vulnerability caused by a read-access violation, and a third vulnerability that allows attackers to spoof the content contained in the address bar. A full write-up can be found here.

In a separate mailing to Bugtraq, Juan Pablo Lopez Yacubian says he was also able to use a similar exploit to crash Mozilla Firefox 3 beta 5.

That said, the general workaround is not to use Safari 3.1.1 for Windows until Apple issues a fix. Versions of Firefox 2.x and Opera are recommended.

12 comments
Crashing the browser is a good thing?
by amandachuck April 23, 2008 10:34 AM PDT
If someone attacks my computer with a malicious site, or just
creates such a **** poor site it would take up too many
resources on my machine, I'm happy to have the browser crash
as a defense. What's the problem? You just, you know, reload
the browser and move on?

Now, if it crashed the whole computer, I'd be pissed. And that
would happen in some cases if the browser wasn't smart enough
to crash first. We'll see if that happens in the real world.

But the only thing that ever crashes my Mac completely is faulty
network disk access, a problem with OSX since 10.0 that has
been mitigated in 10.5, but is still there.
Interactions are a problem,
by rcrusoe April 23, 2008 11:21 AM PDT
crashes are not.

If they were, you would spend all your time reporting on Flash and Silverlight "attacks".
Crashes are acceptable to Mac users?
by k2dave April 23, 2008 11:35 AM PDT
From the comments posted so far it seems like Mac users are satisfied with the response of their web browser crashing at the first sign of trouble. I think it's good as a stop gap measure till a fix is out, but far from acceptable.
Dedicated Mac user...
by Gomphos April 23, 2008 12:53 PM PDT
...and not apologetic. Of course Apple needs to fix this, and fast.
But I'd still use Mac over any version of Windows.
Safari for Windows
by Melekai April 23, 2008 2:24 PM PDT
Sounds like a Windows problem, not a Mac problem.
Safari is a joke gone bad...
by AppleSuxLeo April 24, 2008 6:16 PM PDT
Mr. Turtle Neck's version of an April Fools joke.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
