Apple Safari Zero-Day Vulnerability
US-CERT on Monday <a href="http://www.us-cert.gov/current/index.html#apple_safari_vulnerability">warned</a> about a zero-day vulnerability affecting Apple's Safari Web browser.
US-CERT on Monday warned about a zero-day vulnerability affecting Apple's Safari Web browser."By convincing a user to open a specially crafted Web page, an attacker may be able to execute arbitrary code," the government security organization said. "Exploit code for this vulnerability is publicly available."
US-CERT said that it isn't aware of a fix for the problem but added that disabling JavaScript in Safari could mitigate the risk. This can be done using the JavaScript check box in Safari's Preferences menu.
Security research firm Secunia has offered some additional details in its security advisory.
The vulnerability is "due to an error in the handling of parent windows and can result in a function call using an invalid pointer," the company said.
Secunia rates the vulnerability as "highly critical."
Secunia said it had tested the vulnerability on Safari version 4.0.5 for Windows. It also said that other versions of Safari may be affected.
Attempts to exploit the vulnerability in the wild have not been reported, yet.
Our editors take Apple's new platform through its paces, in the office and on the road. Here are their (differing) assessments of what works well and what doesn't. Download the report here (registration required).
About the Author
You May Also Like