Critical zero-day flaw found in Apple's Safari browser

By

Affects current version.

A “highly critical” zero-day vulnerability has been discovered in Apple's Safari web browser, according to Danish vulnerability tracking firm Secunia.

The code execution vulnerability affects the current version (4.0.5) of Safari for Windows and could allow an attacker to compromise a user's system. Other versions of the browser could also be affected.

Users are being advised to avoid visiting untrusted websites or clicking on links from untrusted sources.

The vulnerability is the result of, “an error in the handling of parent windows and can result in a function call using an invalid pointer”, according to Secunia's advisory. The vulnerability could be exploited to execute arbitrary code if a user is directed to a specially crafted web page and attempts to close pop-up windows.

Secunia has rated the vulnerability “highly critical,” or 'four out of five' on its severity rating scale.

The vulnerability likely also affects Safari for Mac because the code base of the two programs is largely the same, according to Mac security firm Intego.

"We're keeping an eye on this to see how it progresses, as this is the kind of vulnerability that can be exploited when a user simply visits a web page," Peter James, spokesman at Intego, wrote in a blog post.

See original article on scmagazineus.com

Critical zero-day flaw found in Apple's Safari browser
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
applesbrowsercriticalflawfoundinsafarisecurityzeroday

Sponsored Whitepapers

What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape
Transform IT Service Delivery with Freshworks ITSM
Transform IT Service Delivery with Freshworks ITSM
Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security

Events

Most Read Articles

Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors
"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party
Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul
Exetel fined $694k over system 'vulnerability' for mobile number porting

Exetel fined $694k over system 'vulnerability' for mobile number porting
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?