Unpatched drive-by download flaw in Apple Safari browser

Summary: The issue is rated "highly critical" because of the risk of remote code execution attacks against Windows users.

A zero-day vulnerability in Apple's Safari browser could expose millions of Windows users to drive-by download malware attacks.  The flaw is currently unpatched.

According to an alert from Secunia, the issue is rated "highly critical" because of the risk of remote code execution attacks that can lead to complete system takeover.

From the advisory:

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.

The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected, the company warned.

Talkback

13 comments
  • If any mods are reading this..

    Dear ZDNet, please fix your website. I can't subscribe to any stories for reply notification, can't see how many people have recommended an article unless I do so as well, get multiple boxes to type my message in when I try to reply, the page freezes when I try to edit my post, and I can't even vote "No" on any of the polls (nor see the results)! What is this crap? Please put it back to the old version that had none of these problems (which exist in the new version on all browsers!).
    AzuMao
    • Spot on

      I agree with AzuMao.

      Also list users reporting people as spam trying to kill thread discussions (MSCEs you know who you are).
      Richard Flude
  • add "WINDOWS ONLY" to that subject

    so people don't waste time thinking this is a non-Windows issue...
    bspurloc
    • It is an Apple issue

      End of story. Apple is to blame here.
      NonZealot
    • Really? You should let Apple know.

      @bspurloc

      "Other versions may also be affected, the company warned."
      KTLA
      • Other versions

        @KTLA

        Read into it. I believe they mean previous versions.

        Btw, who uses Safari on Windows?
        nix_hed
  • RE: Unpatched drive-by download flaw in Apple Safari browser

    So that leaves us with which browser that is still safe? Chrome?
    TxM2xTx
  • RE: RE: Interesting article about an Apple flaw

    But the changes to ZDNet layout appear to be important too and there is nowhere to voice opinions about the changes.
    As interesting as the Apple flaw is, it affects a minority of blog readers.
    The new page layout on the other hand is seen by all and it would appear to be less than a success.
    1. Opera 10.53 renders the page correctly but takes a long time. Also it crashes occasionally (when scrolling) with many CSS errors logged and Java errors (advert related).
    2. Firefox fails to render the page accurately: buttons missing, overlapping print, adverts are very jerky. Reloading the page causes the faulty artifacts to change to a different location or the page to freeze. Error Console logs many CSS page errors and Java errors.
    Agnostic_OS
  • RE: for the windows users who don't play well with others....

    Don't hate the Apple users, it's non-productive. We are here, we also can read, and even if we are 'minority' readers, there are certainly enough of us to warrant publishing content that is useful to us.

    I'm sure there are plenty of blogs, groups, subscriptions etc. out there that are Windows only.

    Finally, as my mother-in-law used to say, if you don't like it, throw a rock at it.
    By the way, I don't have a problem with the new layout at all. Using Safari on a MacBook Pro. Interesting.
    Nunya Bizniss
  • RE: Unpatched drive-by download flaw in Apple Safari browser

    Seems the smoke and mirrors are cracking. Welcome to "I'm a PC."
    trust2112
  • RE: Unpatched drive-by download flaw in Apple Safari browser

    Lots of us Windows users use Safari, it's a good browser choice.
    crazydave789
  • RE: Unpatched drive-by download flaw in Apple Safari browser

    Wow....deja vu...Safari Drive by Download attack on windows.

    And for the record, this is not a Windows issue, it is an Apple Safari issue. Blaming this on Microsoft is just like the people who blamed Linux for the Vodafone/Mariposa thing. It's just not true. Apple wrote the bad code here, it's their goof....again.
    TheLightcosine
  • RE: Unpatched drive-by download flaw in Apple Safari browser

    Great!!! Thanks for sharing this information with us!
    efsane