[ news_security_news ]
The Security Buzz On Safari
Mike Sachoff
Staff Writer
2007-06-12
 Security News RSS Feed
The security community is buzzing with talk of Apple's Safari for Windows and the vulnerabilities that come with it.
 | | The Security Buzz On Safari |  |
David Maynor over at Errata writes, "I'd like to note that we found a total of 6 bugs in an afternoon, 4 DoS and 2 remote code execution bugs. We have weaponized one of those to be reliable and its different that what Thor has found."
"I can't speak for anybody else but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for alot of stuff). The exploit is robust mostly thanks to the lack of any kind of advanced security features in OSX."
Thor Larholm gives his take on Safari for Windows, "Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser."
"I downloaded and installed Safari for Windows 2 hours ago, when I started writing this, and I now have a fully functional command execution vulnerability, triggered without user interaction simply by visiting a web site."
Ryan Naraine points out on his Zero Day blog, "Safari has not held up well to hacker scrutiny on the Mac platform. Tom Ferrris, a hacker who routinely finds Safari and Mac OS X vulnerabilities, once told me it's ‘trivial' to trigger a crash on Safari. The reality is that every crash is potential security vulnerability."
Naraine sums up Safari's issues writing," Safari on Windows puts the buggy browser before a bigger audience. You can bet your bottom dollar malware authors are paying close attention."
About the Author:
Mike is a staff writer for WebProNews. Visit WebProNews for the latest ebusiness news.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
