AppleInsider › Forums › Software › Mac OS X › a safari bug (is it all it's cracked up to be?)
New Posts  All Forums:Forum Nav:

a safari bug (is it all it's cracked up to be?)

post #1 of 10
4/27/06 at 11:03am
Thread Starter 
"The problem is triggered by opening a simple web page consisting of only three lines of HTML. The flaw was reported to the Full-Disclosure mailing list by Yannick von Arx, who said clicking on such a link "causes the operating system to [display the] Spinning Rainbow Cursor Of Death (SRCOD)"."

http://www.itweek.co.uk/itweek/news/...t-browser-flaw

Can't you just force quit Safari and everything will be alright? If Safari has a spinning beach ball, none of the other apps should, right?
Reply
Reply
post #2 of 10
4/27/06 at 11:20am
Quote:
Originally posted by speed_the_collapse
....

Can't you just force quit Safari and everything will be alright? If Safari has a spinning beach ball, none of the other apps should, right?

This has always been my experience. Just click on some other area of the screen or press [apple]+[option]+[esc] to bring up the Force Quit dialog box. Before declaring this the end of Apple as we know it, it would be interesting to know if this vulnerability is a Safari problem or an HTML problem.
Reply
Reply
post #3 of 10
4/27/06 at 11:51am
Quote:
Originally posted by Mr. Me
This has always been my experience. Just click on some other area of the screen or press [apple]+[option]+[esc] to bring up the Force Quit dialog box. Before declaring this the end of Apple as we know it, it would be interesting to know if this vulnerability is a Safari problem or an HTML problem.

The real question is if this is truly a vulnerability or is this a HTML problem or rendering issue. I am updating my version of WebKit right now, just to see if this is really a rendering issue, or is it a vulnerability.

I doubt that it is a vulnerability though.

I will post my findings on here.

Link to Webkit: http://webkit.opendarwin.org/

Edited to add link to WebKit
-- Mike Eggleston
-- Mac Finatic since 1984.
-- Proud Member of PETA: People Eating Tasty Animals
-- Wii #: 8913 3004 4519 2027
Reply
-- Mike Eggleston
-- Mac Finatic since 1984.
-- Proud Member of PETA: People Eating Tasty Animals
-- Wii #: 8913 3004 4519 2027
Reply
post #4 of 10
4/27/06 at 12:20pm
Quote:
Originally posted by Mike Eggleston
The real question is if this is truly a vulnerability or is this a HTML problem or rendering issue. I am updating my version of WebKit right now, just to see if this is really a rendering issue, or is it a vulnerability.

I doubt that it is a vulnerability though.

I will post my findings on here.

After grabbing the nightly build of WebKit, I can safely say that this is no longer an issue. Once Apple snags a version of the new WebKit, this "vulnerability" will go away.

For all of you who are curious, here is the supposed "vulnerability":

Code:

<HTML>
<TABLE>
<TR><TD ROWSPAN=2000000000>



The person was very gracious to put a link to show the vulnerability. Here is the link:

http://www.yanux.ch/exploits/safari/example.html
-- Mike Eggleston
-- Mac Finatic since 1984.
-- Proud Member of PETA: People Eating Tasty Animals
-- Wii #: 8913 3004 4519 2027
Reply
-- Mike Eggleston
-- Mac Finatic since 1984.
-- Proud Member of PETA: People Eating Tasty Animals
-- Wii #: 8913 3004 4519 2027
Reply
post #5 of 10
4/27/06 at 1:53pm
Quote:
Code:

<HTML>
<TABLE>
<TR><TD ROWSPAN=2000000000>



The person was very gracious to put a link to show the vulnerability. Here is the link:

http://www.yanux.ch/exploits/safari/example.html

erms.. BE WARNED.

Call me stupid for running the link but here are my results:

1. Firefox didn't skip a beat.
2. Safari caused my machine its first ever system wide "freeze." Mouse moved but everything else was frozen. Had to do a hard reset a minute so later. (2.0 MBP)
Reply
Reply
post #6 of 10
4/27/06 at 3:47pm
Quote:
Originally posted by LGnome
erms.. BE WARNED.

Call me stupid for running the link but here are my results:

1. Firefox didn't skip a beat.
2. Safari caused my machine its first ever system wide "freeze." Mouse moved but everything else was frozen. Had to do a hard reset a minute so later. (2.0 MBP)

Funny, nearly the same here Fortunately i could force quit Safari to
avoid a restart. Bad, bad, bad
" I will not commit anything to memory that I can get from another source . . . "
ALBERT EINSTEIN
Reply
" I will not commit anything to memory that I can get from another source . . . "
ALBERT EINSTEIN
Reply
post #7 of 10
4/27/06 at 4:11pm
I think Safari should have built-in timeouts. The browser should never hang up for any task. Safari should run every task (possibly every tab/window) in a thread and if it excedes a certain time, it should either auto kill it or give the user the option without having to force quit the browser itself.
Reply
Reply
post #8 of 10
4/27/06 at 5:08pm
First, if the reporting is correct, this guy doesn't know what he's talking about.
Quote:
The SRCOD is the OS X icon used to show that the operating system is busy. It is extremely difficult to regain control of the system while it is visible.

In his email to full-disclosure, Von Arx suggests the easiest ways to regain control are to unplug the computer or wait several minutes until Safari crashes.

First, the Force quit, either from the Dock or the Apple menu, or the key squence, solves this almost instantly. Second, why would you unplug the computer when you can simply hold down the power button to force a hard reboot (which really isn't necessary).

But more importantly, can anyone here give a rational explaination as to how this is a 'vulnerability'???? as opposed to a simple bug. It seems that the security industry is (or has already) evolving into a mob type protection racket with all sorts of fear mongering. I always thought a DOS was something that was initiated from outside, not a user action, and tied up the network bandwidth. This is nothing more that the equivalent of an open for loop.\ \ Kill the process and get on with it. (And OSX give you plenty of simple ways to kill the process)
Reply
Reply
post #9 of 10
4/28/06 at 1:00pm
Quote:
Originally posted by physguy
But more importantly, can anyone here give a rational explaination as to how this is a 'vulnerability'???? as opposed to a simple bug. It seems that the security industry is (or has already) evolving into a mob type protection racket with all sorts of fear mongering. I always thought a DOS was something that was initiated from outside, not a user action, and tied up the network bandwidth. This is nothing more that the equivalent of an open for loop.\ \ Kill the process and get on with it. (And OSX give you plenty of simple ways to kill the process)

Maybe they define DOS to mean a method in which you can be denied access to a webserver. I think DOS attacks usually take down the server by say pinging them to death or whatever so users can't access the sites.

Still, it is just a bug and it seems to already be fixed in webkit. Apple just needs to issue an update.

I agree there seems to be a lot of people trying to make Mac users more afraid and hyping up security threats. It's a pain in the ass but what can you do?
Reply
Reply
post #10 of 10
4/28/06 at 6:22pm
Quote:
Originally posted by physguy
But more importantly, can anyone here give a rational explaination as to how this is a 'vulnerability'???? as opposed to a simple bug. It seems that the security industry is (or has already) evolving into a mob type protection racket with all sorts of fear mongering. I always thought a DOS was something that was initiated from outside, not a user action, and tied up the network bandwidth. This is nothing more that the equivalent of an open for loop.\ \ Kill the process and get on with it. (And OSX give you plenty of simple ways to kill the process)

That is the whole point right there. This is not a vulnerability. This is a simple bug. It is a bug that was squashed with the most recent WebKit Nightly build. This will (more than likely) go away with the next Safari update.
-- Mike Eggleston
-- Mac Finatic since 1984.
-- Proud Member of PETA: People Eating Tasty Animals
-- Wii #: 8913 3004 4519 2027
Reply
-- Mike Eggleston
-- Mac Finatic since 1984.
-- Proud Member of PETA: People Eating Tasty Animals
-- Wii #: 8913 3004 4519 2027
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › a safari bug (is it all it's cracked up to be?)