[LINK] Apple browser for windows
Jan Whitaker
jwhit at janwhitaker.com
Wed Jun 13 11:43:30 AEST 2007
At 08:09 PM 12/06/2007, Howard Lowndes wrote:
>According to the /. story it's broken too:
>http://apple.slashdot.org/apple/07/06/12/0120230.shtml
http://www.betanews.com/article/Day_One_for_Safari_for_Windows_Becomes_ZeroDay_Nightmare/1181661606

'Day One' for Safari for Windows Becomes Zero-Day Nightmare
By Scott M. Fulton, III, BetaNews
June 12, 2007, 11:20 AM

It took security engineers perhaps less than two hours yesterday to
introduce Apple's surprise entry in the field of Windows browsers to
the big, cruel world of exploits and vulnerabilities, following its
introduction yesterday morning at WWDC. As a result, much of the
clout Safari had received as the secure browsing alternative to
Internet Explorer and Firefox -- as long as it was on a Macintosh --
was burned off like fire to a flash fuse.

Errata Security engineer David Maynor had a report posted on the
first vulnerability he found by 1:48 pm, complete with screenshots of
the pre-crash letdown dialog produced by his fuzzing tool. As he
admitted, it wasn't a difficult crash to find, posting a screen shot
of the memory dump revealing both a stack corruption and an access
violation, and then giving credit to Thor Larholm for posting a
complete report on the calamity not an hour later.

"I downloaded and installed Safari for Windows 2 hours ago, when I
started writing this," Larholm wrote, "and I now have a fully
functional command execution vulnerability, triggered without user
interaction simply by visiting a web site."

[snip]

Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/
Writing Lesson #54:
Learn to love revision. Think of it as polishing the silver for
guests. - JW, May, 2007
'Seed planting is often the most important step. Without the seed,
there is no plant.' - JW, April 2005