Homeland Security Warns About Latest Dangerous Apple Browser Bug
May 10, 2010 5:20 PM
Apple, which perpetually makes fun of Microsoft's Windows for being "buggy" and "virus prone" is yet again endangering its users with lax security and poorly written code.
This time Apple's latest security woe is a "highly critical" flaw in its Safari browser; and Apple is yet again silent on the issue.
Cyberthieves can use the vulnerability to execute arbitrary code, steal information
when it comes to security has yet again come back to bite it. This time Danish security research firm Secunia
yet another vulnerability in the web browser Safari, which they billed as "highly critical" -- their most serious rating.
Secondary confirmation of the bug came from the United States Computer Emergency Readiness Team (US-CERT) (part of the U.S. Department of Homeland Security), which
an advisory after Polish researcher Krystian Kloskowski disclosed the bug on Friday.
The bug exploits Apple's
of code that handle's the browser's parent windows. According to Secunia, "This can be exploited to execute arbitrary code when a user visits a specially-crafted Web page and closes opened pop-up windows."
US-CERT adds that HTML email opened in webmail services such as Gmail or Windows Live Hotmail may also exploit the flaw. By compromising the operating system, hackers are free to log user information (such as credit cards or personal contacts) and install malware to accomplish a host of evils.
The flaw works in Windows 7 on the latest version of Safari 4 (4.0.5). "Other versions may also be affected" according to US-CERT -- so OS X users of Safari aren't off the hook yet. Charlie Miller, noted Mac hacker and security expert was not available to verify whether the bug existed in OS X. He's on vacation after hacking Safari and
earning $10,000 in loot
in March at the Pwn2Own contest.
Miller has stated that Macs and Apple software are often easier to hack than PCs and Windows software. Overall there's been relatively little interest in hacking Macs or Apple products, but what little attention there has been has revealed a host of security flaws. Apple patched 16 flaws in Safari in mid-March -- including 10 that affected OS X. Miller's exploit was among those flaws fixed.
Many security experts have criticized Apple's lax stance on security and poorly implemented products. Charlie Miller
Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.
Mac researcher Dino Dai Zovi
once put it
There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun.
"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il
Charlie Miller to Unveil 20 Zero-day OS X Exploits at CanSecWest
March 19, 2010, 9:55 AM
Another Major Mac Computer Security Flaw Discovered
July 30, 2009, 10:52 AM
Mac Gets The Girl In New Anti-Microsoft Ad
May 13, 2009, 9:33 AM
Safari Plagued By Bugs, Accidental Violation Of Its Own EULA
March 27, 2008, 1:03 PM
Science & Environment
February 20, 2017, 6:37 AM
The USA’s newest weather satellite sends first photos.
January 24, 2017, 6:41 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Most Popular Articles
What is the Apple’s iPhone 8 specifications and release date?
April 14, 2017, 5:43 AM
Meet the Smartphone with four cameras - Alcatel Flashphone
April 5, 2017, 11:20 AM
Vivo V5 Plus – the Selfie Softlight is on You.
April 17, 2017, 7:05 AM
Moto G4 Plus - Powerful Unlocked Convenience
April 12, 2017, 6:25 AM
Microsoft releases details of Project Scorpio console
April 7, 2017, 7:50 AM
Latest Blog Posts
Link your Brain to Your Computer – In Four Years…Maybe
Apr 22, 2017, 7:03 AM
Google Home can now identify users by their voice.
Apr 21, 2017, 7:15 AM
Amazon Lex – Now Available for Developers.
Apr 20, 2017, 6:58 AM
You can now use Instagram offline on your Android Smartphone
Apr 19, 2017, 8:00 AM
Now you can livestream to YouTube from your mobile device.
Apr 18, 2017, 8:05 AM
Google Home – Is It a Spy Device?
Apr 17, 2017, 7:30 AM
Apple added to self –driving test permit list
Apr 15, 2017, 6:21 AM
Project Scorpio – Coming on June 11
Apr 14, 2017, 6:20 AM
Looks Like Samsung Has Been Forgiven.
Apr 13, 2017, 6:50 AM
United Airlines - Blasted on China’s Social Network and the Stock Market
Apr 12, 2017, 6:50 AM
Amazon's Third-Party Sellers Hacked
Apr 11, 2017, 6:25 AM
Microsoft Surface Pro5 Details Revealed
Apr 9, 2017, 6:41 AM
Own An Android Phone? Then you could be hacked over Wi-FI
Apr 7, 2017, 6:47 AM
Apple confirms iOS 10.3 bug and its effect on iCloud Services
Apr 6, 2017, 6:30 AM
Apple Rolls Out New Version of Apple Music
Apr 5, 2017, 10:35 AM
Apple in the News
Apr 4, 2017, 9:03 AM
Apple iPhones Will Soon Feature Graphics Chips Designed BY Apple
Apr 3, 2017, 6:23 AM
AMD Ryzen Desktop Processors Performance
Apr 2, 2017, 6:30 AM
What makes a camera Lensless?
Apr 1, 2017, 7:45 AM
Google halts Android Wear 2.0 Update Due to Bug
Mar 31, 2017, 7:27 AM
Uber Technologies Inc Driverless Car hit by Human-driver
Mar 30, 2017, 8:00 AM
Android Creator and New Bezel-less Smartphone
Mar 29, 2017, 10:28 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information