Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
May 10, 2010
1 Min Read
US-CERT on Monday warned about a zero-day vulnerability affecting Apple's Safari Web browser."By convincing a user to open a specially crafted Web page, an attacker may be able to execute arbitrary code," the government security organization said. "Exploit code for this vulnerability is publicly available."
Security research firm Secunia has offered some additional details in its security advisory.
The vulnerability is "due to an error in the handling of parent windows and can result in a function call using an invalid pointer," the company said.
Secunia rates the vulnerability as "highly critical."
Secunia said it had tested the vulnerability on Safari version 4.0.5 for Windows. It also said that other versions of Safari may be affected.
Attempts to exploit the vulnerability in the wild have not been reported, yet.
Our editors take Apple's new platform through its paces, in the office and on the road. Here are their (differing) assessments of what works well and what doesn't. Download the report here (registration required).
About the Author(s)
Editor at Large, Enterprise Mobility
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.
You May Also Like
Navigating the ISO 27001 compliance journey
5 key areas for improved automation in InfoSec compliance
High Performance Applications with Dominion KX III
*State of Accounting and Legal Services
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Accelerationâ€‹