Saturday, April 20, 2024
Search
English
Optical Storage
Graphics Cards
General Computing
PC Parts
Digital Cameras
Consumer Electronics
Games
Mobiles
All News Categories
Older News
Optical Storage
Graphics Cards
General Computing
PC Parts
Digital Cameras
Consumer Electronics
Games
Cooling Systems
Mobiles
Software Reviews
Reviews Around the Web
Technology Previews
Essays
Interviews
Tech Views
Glossary
FAQ
Guides/How-To's
Firmware
Drivers
BIOS
Software
Media Tests
Drive Comparisons
DVD Media Formats
All Forums
Become Member
Today's Posts
Popular Topics
In-House
Optical Storage
Optical Storage Software
General
Consumer Electronics
Other
News Around The Web
Advertise
Links
Jobs
Site Map
News/Reviews Feed
Submit News
Polls
Competitions
Users' Privacy
Contact Us
About
Home
|
News
|
Reviews
|
Articles
|
Guides
|
Download
|
Expert Area
|
Forum
|
Site Info
Tuesday, May 11, 2010
Researchers Reveal Important Safari Vulnerability
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail:
* Required!
Recipient (e-mail):
*
Subject:
*
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
Message Text:
Danish vulnerability tracker Secunia found a vulnerability and a security issue in Apple's Safari browser.
According to
Secunia
, the security issue can lead to exposure of sensitive information and the vulnerability can be exploited by malicious people to compromise a user's system.
An error in the handling of parent windows can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows, Secunia announced.
The security issue is caused due to Safari including HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a "Location" header).
The vulnerability and the security issue are confirmed in Safari version 4.0.5 for Windows.
The company recommends users not to visit untrusted web sites or follow links from untrusted sources. In addition, users should not authenticate to sites that use HTTP basic authentication and use redirections to different domains.
US-CERT also
confirmed
the vulnerability affecting Apple Safari.
"By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available," US-CERT said.
US-CERT encourages users and administrators to disable JavaScript until a fix is provided by Apple.
Tweet
Home
|
News
|
All News
|
Reviews
|
Articles
|
Guides
|
Download
|
Expert Area
|
Forum
|
Site Info
Site best viewed at 1024x768+ -
CDRINFO.COM
1998-2024 - All rights reserved
-
Privacy policy
-
Contact Us
.