Homeland Security Warns About Latest Dangerous Apple Browser Bug
May 10, 2010 5:20 PM
Apple, which perpetually makes fun of Microsoft's Windows for being "buggy" and "virus prone" is yet again endangering its users with lax security and poorly written code.
This time Apple's latest security woe is a "highly critical" flaw in its Safari browser; and Apple is yet again silent on the issue.
Cyberthieves can use the vulnerability to execute arbitrary code, steal information
when it comes to security has yet again come back to bite it. This time Danish security research firm Secunia
yet another vulnerability in the web browser Safari, which they billed as "highly critical" -- their most serious rating.
Secondary confirmation of the bug came from the United States Computer Emergency Readiness Team (US-CERT) (part of the U.S. Department of Homeland Security), which
an advisory after Polish researcher Krystian Kloskowski disclosed the bug on Friday.
The bug exploits Apple's
of code that handle's the browser's parent windows. According to Secunia, "This can be exploited to execute arbitrary code when a user visits a specially-crafted Web page and closes opened pop-up windows."
US-CERT adds that HTML email opened in webmail services such as Gmail or Windows Live Hotmail may also exploit the flaw. By compromising the operating system, hackers are free to log user information (such as credit cards or personal contacts) and install malware to accomplish a host of evils.
The flaw works in Windows 7 on the latest version of Safari 4 (4.0.5). "Other versions may also be affected" according to US-CERT -- so OS X users of Safari aren't off the hook yet. Charlie Miller, noted Mac hacker and security expert was not available to verify whether the bug existed in OS X. He's on vacation after hacking Safari and
earning $10,000 in loot
in March at the Pwn2Own contest.
Miller has stated that Macs and Apple software are often easier to hack than PCs and Windows software. Overall there's been relatively little interest in hacking Macs or Apple products, but what little attention there has been has revealed a host of security flaws. Apple patched 16 flaws in Safari in mid-March -- including 10 that affected OS X. Miller's exploit was among those flaws fixed.
Many security experts have criticized Apple's lax stance on security and poorly implemented products. Charlie Miller
Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.
Mac researcher Dino Dai Zovi
once put it
There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun.
"DailyTech is the best kept secret on the Internet." -- Larry Barber
Charlie Miller to Unveil 20 Zero-day OS X Exploits at CanSecWest
March 19, 2010, 9:55 AM
Another Major Mac Computer Security Flaw Discovered
July 30, 2009, 10:52 AM
Mac Gets The Girl In New Anti-Microsoft Ad
May 13, 2009, 9:33 AM
Safari Plagued By Bugs, Accidental Violation Of Its Own EULA
March 27, 2008, 1:03 PM
Google plans ultra-fast wireless Internet for Research Triangle Park, N.C.
August 12, 2016, 6:30 AM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Most Popular Articles
Apple iOS Contains Secret One-handed Keyboard Code
October 22, 2016, 5:00 AM
The Unlocked Moto Z Play Launches for $449.99 Today.
October 22, 2016, 5:00 AM
The New HP Spectre: Revamped and Ready
October 23, 2016, 6:00 AM
New Way to Read Data on Ulta Hard Drives
October 23, 2016, 9:38 AM
Car Insurance - The Hidden Discriminatory Practise
October 18, 2016, 5:00 AM
Latest Blog Posts
From Time to Time, The Unbelievable and Unimaginable Happens!!!!
Oct 28, 2016, 4:56 AM
Key EpiPen Competitor Out in 2017 At ' Very Low' Cost
Oct 27, 2016, 5:30 AM
Researchers use CRISPR to Accelerate Search for HIV Cure
Oct 26, 2016, 5:00 AM
Medical Council of India Makes Generic Medicines Mandatory
Oct 25, 2016, 5:00 AM
MacBoo Pro 2016: Release date Oct. 27
Oct 24, 2016, 7:16 AM
Mac Users, Try this if Your Mac is Infected?
Oct 23, 2016, 7:00 AM
Tips to Prevent Smartphones From Overheating:
Oct 22, 2016, 5:00 AM
Nasa Flies Drones at Nevada Airport
Oct 21, 2016, 8:21 AM
T-Mobile Data Problems
Oct 20, 2016, 10:17 AM
Annoying Apple Watch Problems and How to Fix Them
Oct 20, 2016, 5:00 AM
Your Mail May Soon Be Delivered By Robot
Oct 19, 2016, 9:34 AM
2018 Jeep Wrangler Prototype Sells At Junkyard
Oct 18, 2016, 5:00 AM
Samsung Shines with Gold Edition Tablet
Oct 17, 2016, 9:24 AM
Tesla Hints Mysterious Product Debut for October 17th
Oct 16, 2016, 10:14 AM
Samsung Galaxy Note 7 Phones on US flights
Oct 15, 2016, 5:00 AM
Comcast Fined $2.3 Million For Unconfirmed Services Charged To Customers
Oct 14, 2016, 5:00 AM
“American singer / songwriter “Bob Dylan is awarded 2016 Nobel Prize in Literature.
Oct 13, 2016, 10:33 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information