US-CERT on Monday warned about a zero-day vulnerability affecting Apple's Safari Web browser.
US-CERT on Monday warned about a zero-day vulnerability affecting Apple's Safari Web browser."By convincing a user to open a specially crafted Web page, an attacker may be able to execute arbitrary code," the government security organization said. "Exploit code for this vulnerability is publicly available."
Security research firm Secunia has offered some additional details in its security advisory.
The vulnerability is "due to an error in the handling of parent windows and can result in a function call using an invalid pointer," the company said.
Secunia rates the vulnerability as "highly critical."
Secunia said it had tested the vulnerability on Safari version 4.0.5 for Windows. It also said that other versions of Safari may be affected.
Attempts to exploit the vulnerability in the wild have not been reported, yet.
Our editors take Apple's new platform through its paces, in the office and on the road. Here are their (differing) assessments of what works well and what doesn't. Download the report here (registration required).
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?