[LINK] Apple browser for windows

Jan Whitaker jwhit at janwhitaker.com
Wed Jun 13 11:43:30 AEST 2007


At 08:09 PM 12/06/2007, Howard Lowndes wrote:
>According to the /. story it's broken too:
>http://apple.slashdot.org/apple/07/06/12/0120230.shtml

http://www.betanews.com/article/Day_One_for_Safari_for_Windows_Becomes_ZeroDay_Nightmare/1181661606

'Day One' for Safari for Windows Becomes Zero-Day Nightmare
By Scott M. Fulton, III, BetaNews
June 12, 2007, 11:20 AM

It took security engineers perhaps less than two hours yesterday to 
introduce Apple's surprise entry in the field of Windows browsers to 
the big, cruel world of exploits and vulnerabilities, following its 
introduction yesterday morning at WWDC. As a result, much of the 
clout Safari had received as the secure browsing alternative to 
Internet Explorer and Firefox -- as long as it was on a Macintosh -- 
was burned off like fire to a flash fuse.

Errata Security engineer David Maynor had a report posted on the 
first vulnerability he found by 1:48 pm, complete with screenshots of 
the pre-crash letdown dialog produced by his fuzzing tool. As he 
admitted, it wasn't a difficult crash to find, posting a screen shot 
of the memory dump revealing both a stack corruption and an access 
violation, and then giving credit to Thor Larholm for posting a 
complete report on the calamity not an hour later.

"I downloaded and installed Safari for Windows 2 hours ago, when I 
started writing this," Larholm wrote, "and I now have a fully 
functional command execution vulnerability, triggered without user 
interaction simply by visiting a web site."

[snip]


Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/

Writing Lesson #54:
Learn to love revision. Think of it as polishing the silver for 
guests. - JW, May, 2007

'Seed planting is often the most important step. Without the seed, 
there is no plant.' - JW, April 2005
_ __________________ _



More information about the Link mailing list