Critical zero-day flaw found in Apple's Safari browser

Share this article:
A “highly critical” zero-day vulnerability has been discovered in Apple's Safari web browser, according to Danish vulnerability tracking firm Secunia.

The code execution vulnerability, revealed Friday, affects the current version (4.0.5) of Safari for Windows and could allow an attacker to compromise a user's system. Other versions of the browser could also be affected.

Users are being advised to avoid visiting untrusted websites or clicking on links from untrusted sources.

The vulnerability is the result of, “an error in the handling of parent windows and can result in a function call using an invalid pointer,” according to Secunia's advisory. The vulnerability could be exploited to execute arbitrary code if a user is directed to a specially crafted web page and attempts to close pop-up windows.

Secunia has rated the vulnerability “highly critical,” or four out of five on its severity rating scale.

The vulnerability likely also affects Safari for Mac because the code base of the two programs is largely the same, according to Mac security firm Intego

"We're keeping an eye on this to see how it progresses, as this is the kind of vulnerability that can be exploited when a user simply visits a web page," Peter James, spokesman at Intego, wrote in a blog post Monday.

An Apple spokesperson did not immediately respond to a request for comment made by SCMagazineUS.com on Monday.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff ...

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.