US-CERT on Monday warned about a zero-day vulnerability affecting Apple's Safari Web browser.
US-CERT on Monday warned about a zero-day vulnerability affecting Apple's Safari Web browser."By convincing a user to open a specially crafted Web page, an attacker may be able to execute arbitrary code," the government security organization said. "Exploit code for this vulnerability is publicly available."
Security research firm Secunia has offered some additional details in its security advisory.
The vulnerability is "due to an error in the handling of parent windows and can result in a function call using an invalid pointer," the company said.
Secunia rates the vulnerability as "highly critical."
Secunia said it had tested the vulnerability on Safari version 4.0.5 for Windows. It also said that other versions of Safari may be affected.
Attempts to exploit the vulnerability in the wild have not been reported, yet.
Our editors take Apple's new platform through its paces, in the office and on the road. Here are their (differing) assessments of what works well and what doesn't. Download the report here (registration required).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.