The first vulnerability found in Safari for Windows

It took security engineers perhaps less than two hours yesterday to introduce Apple's surprise entry in the field of Windows browsers to the big, cruel world of exploits and vulnerabilities, following its introduction yesterday morning at WWDC. As a result, much of the clout Safari had received as the secure browsing alternative to Internet Explorer and Firefox -- as long as it was on a Macintosh -- was burned off like fire to a flash fuse.

Errata Security engineer David Maynor had a report posted on the first vulnerability he found by 1:48 pm, complete with screenshots of the pre-crash letdown dialog produced by his fuzzing tool. As he admitted, it wasn't a difficult crash to find; he posted a screenshot of the memory dump revealing both a stack corruption and an access violation, and then gave credit to Thor Larholm for posting a complete report on the calamity not an hour later.

 


As an example -- one which may be as important for Firefox as for Safari -- Larholm demonstrated the use of an inline frame <IFRAME> element with embedded JavaScript code. When delivered to Safari, it passes on an unfiltered request to the old Gopher protocol, which on his system is handled by Firefox. That browser then processes the unfiltered request raw, with the result being that CMD.EXE is called, pulling up the command line.

If Larholm wished to go further with this demonstration, he could have passed a default command to CMD.EXE -- which, of course, would also have been unfiltered.
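The filtering step that the hand-off described above lacks, as an added example that is not from the article, Larholm's report or either browser's code. It assumes the external handler is registered with a command-line template in which "%1" is replaced by the URL; the handler name, scheme allowlist and sample URL are constructed for illustration.

```python
import shlex
from urllib.parse import quote, urlsplit

# Assumption: hypothetical handler registration; "%1" is replaced by the URL.
TEMPLATE = 'handler.exe -url "%1"'
# Assumption: schemes this hypothetical browser hands to external programs.
EXTERNAL_SCHEMES = {"gopher", "mailto", "news"}
# Characters allowed through unencoded: common URL delimiters plus "%" so
# existing escapes are not double-encoded. Space and quotes are not in it.
URL_SAFE = "/:?#[]@!$&()*+,;=-._~%"

def naive_command_line(url):
    """The unfiltered hand-off: the URL is pasted into the template as-is."""
    return TEMPLATE.replace("%1", url)

def filtered_command_line(url):
    """Return the handler command line, or None if the URL is refused."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return None  # control characters never belong in a URL
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        return None  # malformed URL
    if scheme not in EXTERNAL_SCHEMES:
        return None  # no external handler for schemes outside the allowlist
    # Percent-encode everything outside the URL character set, so a quote
    # in the URL can no longer close the quoted "%1" argument.
    return TEMPLATE.replace("%1", quote(url, safe=URL_SAFE))

def handler_argv(command_line):
    """Approximate the handler's argument parsing (sample has no backslashes)."""
    return shlex.split(command_line)

# Constructed sample: a quote inside the URL followed by a harmless extra token.
SAMPLE = 'gopher://example.invalid/" -extra-argument "x'

if __name__ == "__main__":
    print(handler_argv(naive_command_line(SAMPLE)))
    print(handler_argv(filtered_command_line(SAMPLE)))
    print(filtered_command_line("unknown-scheme://example.invalid/"))
```

With the unfiltered hand-off the handler sees the URL split into several arguments; with the filter it receives a single URL argument, and unlisted schemes are never dispatched.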


Copyright © 2005-2007, TechTalkz.com. All Rights Reserved.