Safari for Windows zero day driveby exploit
Looks like Apple is having a hard time securing the software they create.
Unknown at this time if the bug also effects Safari on OS X or iPhone OS, iPads etc.
Advice is to turn off Javascript, use a Safari plug-in blocker or install Firefox and the NoScript plug-in.
http://www.computerworld.com/s/artic...i_zero_day_bug
Unknown at this time if the bug also effects Safari on OS X or iPhone OS, iPads etc.
Advice is to turn off Javascript, use a Safari plug-in blocker or install Firefox and the NoScript plug-in.
http://www.computerworld.com/s/artic...i_zero_day_bug
Comments
Apple Safari Vulnerability
added May 10, 2010 at 10:57 am
US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.
US-CERT encourages users and administrators to disable JavaScript as detailed in the Securing Your Web Browser document until a fix is provided by the vendor. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.
US-CERT will provide additional information as it becomes available.
http://www.us-cert.gov/current/index..._vulnerability
http://www.exploit-db.com/exploits/12573
It doesn't work in VMWare (doesn't launch the Calculator), maybe to do with checking memory locations.
If it launches the calculator running natively then that simple script could be modified to do anything to a Windows user's machine with logged in user permissions. People likely wouldn't use it though because Safari share is so low, they'd use an IE8 or Firefox zero-day exploit instead.
Firefox 3.5 zero-day is here:
http://www.exploit-db.com/exploits/9137
IE 6,7,8 exploit under XP here:
http://www.exploit-db.com/exploits/11615
The success of the Safari attack depends on the payload so that's probably why they tried to contact Miller to get him to construct code that would run correctly on a Mac system. Until that code is developed and released, Macs should be safe but it's an issue Apple needs to address and since the exploit is out there, they need to do it ASAP.
The Apple I used to know would take concrete steps to prevent any sort of vulnerability, not dance around the edges like they are doing now.
So the only reason I can think of that they are doing what they are doing (or in the case of not fuzzing their code, not doing) is because they have been told to (or not to) do so.
http://www.cgisecurity.com/2009/04/f...for-years.html
Guess the only safe browsing method is to run as VM and dump each session daily or separate your prime machine from the interent machine.
Because as long as browser makers obey the spooks and leave their browsers vulnerable, hackers will find the exploits. It´s only those with ethical standards that turn these vulnerabilities in.
Guess the same spooks who have gotten Microsoft to keep their software so insecure all these years have also gotten to Mozilla and Apple.
Seems overly paranoid to me, if they wanted to leave a deliberate security hole, they wouldn't make it as obvious as a buffer overflow exploit. Those kind of exploits happen through programmer errors because you just can't continually account for every miniscule flaw when you work on complex projects. The Mac exploit is caused by not dealing with a memory pointer properly i.e a single line of code out of hundreds of thousands.
It wouldn't surprise me that the companies do collaborate with the government agencies even to the extent of allowing spying on end users but they wouldn't risk the security and ultimately the end user experience of their most profitable products just to give the agencies a back door.
Seems overly paranoid to me, if they wanted to leave a deliberate security hole, they wouldn't make it as obvious as a buffer overflow exploit. Those kind of exploits happen through programmer errors because you just can't continually account for every minuscule flaw when you work on complex projects. The Mac exploit is caused by not dealing with a memory pointer properly i.e a single line of code out of hundreds of thousands.
It wouldn't surprise me that the companies do collaborate with the government agencies even to the extent of allowing spying on end users but they wouldn't risk the security and ultimately the end user experience of their most profitable products just to give the agencies a back door.
The intentional negligence gives browser makers plausible deniability to negate the adverse effects with consumers. Microsoft has been playing that game for years.
The blame lies with OS makers, all Internet facing programs should be sandboxed by default.
Compartmentalized security is the only solution.
The blame lies with OS makers, all Internet facing programs should be sandboxed by default.
I agree and in fact a lot of them do but sand boxes can have holes too like the iPhone sand box and these holes let them escalate privileges. Google is talking about having Chrome execute native code now too and that's just going to open a whole other can of worms.