blob: 470fbe69c4c3c652d52f731d0ac6b7c1b54820f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
Cult of Mac's Leander Kahney has an article this morning with the headline: [Who in Their Right Mind Would Run Safari on Windows][1]? AS it turns out there's an easy answer: Hackers. It took all of two hours for researchers to find 6 bugs in the Windows version of Safari, 4 DoS attacks and 2 remote code execution bugs.
Now granted, Safari is a beta and some bugs are to be expected, but six in one afternoon does not bode well for Apple's second foray into Windows software.
While one of the bugs comes from a [security consulting company][3] who will not divulge the details until Apple has sufficient time to patch the flaws, Thor Larholm, a Danish hacker, has [detailed the workings][2] behind one of the remote code injection flaws.
To be fair the exploit is not entirely Safari's fault since it leverages some Windows vulnerabilities to do its dirty work, but most of the blame can go to Safari for failing to properly validate URL arguments before passing them on to the command line.
Still, six exploits in two hours doesn't exactly make you want to rush out and download a copy does it?
[2]: http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/ " Safari for Windows, 0day exploit in 2 hours"
[1]: http://www.wired.com/gadgets/mac/commentary/cultofmac/2007/06/cultofmac_0612 "Who in Their Right Mind Would Run Safari on Windows?"
[3]: http://erratasec.blogspot.com/2007/06/niiiice.html
|
