Safari for Windows ... vulnerability found

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,751
Reaction score
1,210
Safari for Windows that is…

Thor Larholm has discovered a remote command execution vulnerability in the newly released Safari for Windows (Beta) just a day after it was released. The vulnerability is caused by Safari's failure to validate user-supplied strings before passing them as parameters to external URL protocol handlers. The vulnerability can be exploited to execute arbitrary code on a victim's computer just by making them view a malicious web page in Safari.

Some other vulnerability researchers have reportedly discovered more remote command execution vulnerabilities in Safari. However, as of now, only the vulnerability discovered by Larholm can be independently confirmed.
... well, it is a Beta product, what do they expect? ;)


:user:
 
Back
Top