Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Safari For Windows: Six Security Exploits In One Afternoon

By Scott Gilbertson June 12, 2007 Categories: Operating Systems, Software & Tools, Web Basics

SafariBack when the iPhone launched, we wondered if Apple would release a version of Safari for Windows and now that Apple has in fact done that, Cult of Mac’s Leander Kahney echoes many commenters’ thoughts in that initial post: Who in Their Right Mind Would Run Safari on Windows? As it turns out there’s an easy answer: Hackers. It took all of two hours for researchers to find 6 bugs in the Windows version of Safari, 4 DoS attacks and 2 remote code execution bugs.

Now granted, Safari is a beta and some bugs are to be expected, but six in one afternoon does not bode well for Apple’s second foray into Windows software.

While one of the bugs comes from a security consulting company who will not divulge the details until Apple has sufficient time to patch the flaws, Thor Larholm, a Danish hacker, has detailed the workings behind one of the remote code injection flaws.

To be fair the exploit is not entirely Safari’s fault since it leverages some Windows vulnerabilities to do its dirty work, but most of the blame can go to Safari for failing to properly validate URL arguments before passing them on to the command line.

Still, six exploits in two hours doesn’t exactly make you want to rush out and download a copy does it?

Tags: Windows
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year