BlackDog All American 15654 Posts user info edit post |
http://www.dailytech.com/Homeland+Security+Warns+About+Latest+Dangerous+Apple+Browser+Bug/article18341.htm
Quote : | "Cyberthieves can use the vulnerability to execute arbitrary code, steal information
Apple's arrogant air when it comes to security has yet again come back to bite it. This time Danish security research firm Secunia discovered yet another vulnerability in the web browser Safari, which they billed as "highly critical" -- their most serious rating.
Secondary confirmation of the bug came from the United States Computer Emergency Readiness Team (US-CERT) (part of the U.S. Department of Homeland Security), which issued an advisory after Polish researcher Krystian Kloskowski disclosed the bug on Friday.
The bug exploits Apple's poor implementation of code that handle's the browser's parent windows. According to Secunia, "This can be exploited to execute arbitrary code when a user visits a specially-crafted Web page and closes opened pop-up windows."
US-CERT adds that HTML email opened in webmail services such as Gmail or Windows Live Hotmail may also exploit the flaw. By compromising the operating system, hackers are free to log user information (such as credit cards or personal contacts) and install malware to accomplish a host of evils.
The flaw works in Windows 7 on the latest version of Safari 4 (4.0.5). "Other versions may also be affected" according to US-CERT -- so OS X users of Safari aren't off the hook yet. Charlie Miller, noted Mac hacker and security expert was not available to verify whether the bug existed in OS X. He's on vacation after hacking Safari and earning $10,000 in loot in March at the Pwn2Own contest.
Miller has stated that Macs and Apple software are often easier to hack than PCs and Windows software. Overall there's been relatively little interest in hacking Macs or Apple products, but what little attention there has been has revealed a host of security flaws. Apple patched 16 flaws in Safari in mid-March -- including 10 that affected OS X. Miller's exploit was among those flaws fixed.
Apple is keeping quiet on the latest danger to its customers -- its usual response to such security dangers. Security experts at US-CERT and Secunia are providing Safari users with some sound advice for now at least -- don't open untrusted HTML emails, and disable JavaScript except on trusted sites.
Many security experts have criticized Apple's lax stance on security and poorly implemented products. Charlie Miller states, "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."
Or as Mac researcher Dino Dai Zovi once put it, "There is no magic fairy dust protecting Macs. Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun."" |
Quote : | "This time Apple's latest security woe is a "highly critical" flaw in its Safari browser; and Apple is yet again silent on the issue." |
[Edited on May 10, 2010 at 5:50 PM. Reason : /]5/10/2010 5:48:07 PM |
Optimum All American 13716 Posts user info edit post |
You can tell that the author nearly creamed his pants while writing this article. OH NOES APPLE IS TEH EVILZ. 5/10/2010 5:51:43 PM |
BlackDog All American 15654 Posts user info edit post |
lol 5/10/2010 6:01:20 PM |
Optimum All American 13716 Posts user info edit post |
Besides, it's generally been Apple's stance to be silent on most security issues. It might not hurt for them to say, "yes, okay, we see that," but that's really all that they'd need to do. 5/10/2010 6:04:35 PM |
evan All American 27701 Posts user info edit post |
Quote : | "You can tell that the author nearly creamed his pants while writing this article. OH NOES APPLE IS TEH EVILZ." |
5/10/2010 6:29:21 PM |
wwwebsurfer All American 10217 Posts user info edit post |
without looking I'll bet $10 it's written by Jason Mick...
Who is an avid Mac owner and has been bashed MANY times for editorializing the crap out of his articles.
Checking... yup. LoL 5/12/2010 7:49:43 PM |
Optimum All American 13716 Posts user info edit post |
I mean, it's a damn web browser. It's going to have security holes. Making a BIG DEAL out of it is just a stupid journalism tactic. Kinda like when a tabloid puts boobies on their cover... sales go up. Reporting browser flaws like they're the end of the damn world went out of style with IE6. 5/12/2010 9:00:00 PM |
BlackDog All American 15654 Posts user info edit post |
Sort of like how Apple attacked Windows over the same subject maybe? 5/12/2010 9:14:33 PM |
Optimum All American 13716 Posts user info edit post |
Apple is a company, and marketing copy should always be taken with a grain of salt. Dailytech is supposedly a journalistic site, and is letting their biases show through. 5/12/2010 9:17:02 PM |
BlackDog All American 15654 Posts user info edit post |
You can't blame them when over 90% of the market is Microsoft; chances are almost all Dailytech authors use Windows. 5/12/2010 9:31:18 PM |
Optimum All American 13716 Posts user info edit post |
Perhaps, but rabid bias from a news site smacks of amateur hour. 5/12/2010 9:37:47 PM |