Tuesday, September 30, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Previews Windows 10
Google Offers Unlimited Cloud Storage To Students
Gionee Announced The World's Thinnest Smartphone
MPEG LA Rolls Out HEVC License
PayPal To Become An Independent Publicly Traded Company in 2015
AMD To Showcase ARM Cortex-A57-Based Hadoop on Opteron Processors
SanDisk Introduces New X300 SSD And Client SSD Upgrade Service For Corporate Environments
TSMC and ARM Announce 16nm FinFET Silicon with 64-bit ARM big.LITTLE Technology
Active Discussions
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, May 11, 2010
Researchers Reveal Important Safari Vulnerability


Danish vulnerability tracker Secunia found a vulnerability and a security issue in Apple's Safari browser.

According to Secunia, the security issue can lead to exposure of sensitive information and the vulnerability can be exploited by malicious people to compromise a user's system.

An error in the handling of parent windows can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows, Secunia announced.

The security issue is caused due to Safari including HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a "Location" header).

The vulnerability and the security issue are confirmed in Safari version 4.0.5 for Windows.

The company recommends users not to visit untrusted web sites or follow links from untrusted sources. In addition, users should not authenticate to sites that use HTTP basic authentication and use redirections to different domains.

US-CERT also confirmed the vulnerability affecting Apple Safari.

"By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available," US-CERT said.

US-CERT encourages users and administrators to disable JavaScript until a fix is provided by Apple.




Previous
Next
Sharp Develops 3D Camera Module for Mobile Devices Capable of Capturing HD 3D Video        All News        Report: $51 Billion Lost to Software Piracy in 2009
US Patent Office Affirms i4i Patent - Rejects Microsoft Challenge     General Computing News      Report: $51 Billion Lost to Software Piracy in 2009

Get RSS feed Easy Print E-Mail this Message

Related News
Europe Says Ireland Helped Apple Pay Less Taxes
iPhone 6 And iPhone 6 Plus Available in China By October 17
Apple Patches Bash Vulnerability in OS X
Europe To Probe Apple Over Irish Tax Deals
Apple Quickly Issues iOS 8.0.2 Update To Solve Issues Of Previous Release
Apple Downplays iPhone 6 Bending Reports
Apple Pulled Problematic iOS 8.0.1 Update
Apple's Touch ID Vulnerable to Hack
iOS 8 Update Causing Problems
iPhone 6 Plus Is $100 Costlier For Consumers But Less Than $16 More Expensive for Apple to Make
Future Of Apple's Beats Music Remains Uncertain
Apple iPhone Sales Top 10 Million

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .