a safari bug (is it all it's cracked up to be?)

Posted:
in macOS edited January 2014
"The problem is triggered by opening a simple web page consisting of only three lines of HTML. The flaw was reported to the Full-Disclosure mailing list by Yannick von Arx, who said clicking on such a link "causes the operating system to [display the] Spinning Rainbow Cursor Of Death (SRCOD)"."



http://www.itweek.co.uk/itweek/news/...t-browser-flaw



Can't you just force quit Safari and everything will be alright? If Safari has a spinning beach ball, none of the other apps should, right?

Comments

  • Reply 1 of 9
    mr. me Posts: 3,221 member
    Quote:

    Originally posted by speed_the_collapse

    ....



    Can't you just force quit Safari and everything will be alright? If Safari has a spinning beach ball, none of the other apps should, right?




    This has always been my experience. Just click on some other area of the screen or press [apple]+[option]+[esc] to bring up the Force Quit dialog box. Before declaring this the end of Apple as we know it, it would be interesting to know if this vulnerability is a Safari problem or an HTML problem.
  • Reply 2 of 9
    Quote:

    Originally posted by Mr. Me

    This has always been my experience. Just click on some other area of the screen or press [apple]+[option]+[esc] to bring up the Force Quit dialog box. Before declaring this the end of Apple as we know it, it would be interesting to know if this vulnerability is a Safari problem or an HTML problem.



    The real question is if this is truly a vulnerability or is this an HTML problem or rendering issue. I am updating my version of WebKit right now, just to see if this is really a rendering issue, or is it a vulnerability.



    I doubt that it is a vulnerability though.



    I will post my findings on here.



    Link to Webkit: http://webkit.opendarwin.org/



    Edited to add link to WebKit
  • Reply 3 of 9
    Quote:

    Originally posted by Mike Eggleston

    The real question is if this is truly a vulnerability or is this an HTML problem or rendering issue. I am updating my version of WebKit right now, just to see if this is really a rendering issue, or is it a vulnerability.



    I doubt that it is a vulnerability though.



    I will post my findings on here.




    After grabbing the nightly build of WebKit, I can safely say that this is no longer an issue. Once Apple snags a version of the new WebKit, this "vulnerability" will go away.



    For all of you who are curious, here is the supposed "vulnerability":



    Code:

    <HTML>
    <TABLE>
    <TR><TD ROWSPAN=2000000000>

    The person was very gracious to put a link to show the vulnerability. Here is the link:



    http://www.yanux.ch/exploits/safari/example.html
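
An added example, not code from the thread or from WebKit: one way to keep a cell like the quoted `ROWSPAN=2000000000` from driving layout work is to clamp span attributes when they are parsed, using the limits the current HTML Standard specifies (rowspan at most 65534, colspan at most 1000). `parseSpan` and `findOversizedSpans` are hypothetical names, and the benign row in the sample is constructed.

```javascript
// Added example: parse and clamp table span attributes, then flag oversized ones.
// Limits follow the current HTML Standard: rowspan 0..65534, colspan 1..1000.
const LIMITS = {
  rowspan: { min: 0, max: 65534, fallback: 1 },
  colspan: { min: 1, max: 1000, fallback: 1 },
};

// Returns the number the author wrote and the span a layout engine should use.
// Unparseable input falls back to 1; everything else is clamped to the limit.
function parseSpan(name, raw) {
  const { min, max, fallback } = LIMITS[name];
  const m = /^[ \t\n\f\r]*\+?(\d+)/.exec(String(raw));
  if (!m) return { declared: null, effective: fallback };
  const declared = Number(m[1]);
  return { declared, effective: Math.min(Math.max(declared, min), max) };
}

// Pre-filter for proxies or log triage: list <td>/<th> cells whose declared
// span exceeds the limit. Regex scanning is a heuristic, not an HTML parser.
function findOversizedSpans(html) {
  const cellRe = /<(td|th)\b([^>]*)>/gi;
  const attrRe = /\b(rowspan|colspan)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  const findings = [];
  for (const cell of html.matchAll(cellRe)) {
    for (const attr of cell[2].matchAll(attrRe)) {
      const name = attr[1].toLowerCase();
      const span = parseSpan(name, attr[2] ?? attr[3] ?? attr[4]);
      if (span.declared !== null && span.declared > LIMITS[name].max) {
        findings.push({ tag: cell[1].toLowerCase(), name, ...span });
      }
    }
  }
  return findings;
}

// The three lines quoted in the thread, plus one constructed benign row.
const SAMPLE = [
  "<HTML>",
  "<TABLE>",
  "<TR><TD ROWSPAN=2000000000>",
  "<tr><td rowspan=\"3\" colspan='2'>ok</td></tr>",
].join("\n");

console.log(findOversizedSpans(SAMPLE));
```
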
  • Reply 4 of 9
    lgnome Posts: 81 member
    Quote:

    Code:

    <HTML>
    <TABLE>
    <TR><TD ROWSPAN=2000000000>


    The person was very gracious to put a link to show the vulnerability. Here is the link:



    http://www.yanux.ch/exploits/safari/example.html



    erms.. BE WARNED.



    Call me stupid for running the link but here are my results:



    1. Firefox didn't skip a beat.

    2. Safari caused my machine its first ever system wide "freeze." Mouse moved but everything else was frozen. Had to do a hard reset a minute or so later. (2.0 MBP)
  • Reply 5 of 9
    vox barbara Posts: 2,021 member
    Quote:

    Originally posted by LGnome

    erms.. BE WARNED.



    Call me stupid for running the link but here are my results:



    1. Firefox didn't skip a beat.

    2. Safari caused my machine its first ever system wide "freeze." Mouse moved but everything else was frozen. Had to do a hard reset a minute or so later. (2.0 MBP)




    Funny, nearly the same here. Fortunately I could force quit Safari to avoid a restart. Bad, bad, bad.
  • Reply 6 of 9
    Marvin Posts: 15,326 moderator
    I think Safari should have built-in timeouts. The browser should never hang up for any task. Safari should run every task (possibly every tab/window) in a thread and if it exceeds a certain time, it should either auto kill it or give the user the option without having to force quit the browser itself.
  • Reply 7 of 9
    physguy Posts: 920 member
    First, if the reporting is correct, this guy doesn't know what he's talking about.
    Quote:

    The SRCOD is the OS X icon used to show that the operating system is busy. It is extremely difficult to regain control of the system while it is visible.



    In his email to full-disclosure, Von Arx suggests the easiest ways to regain control are to unplug the computer or wait several minutes until Safari crashes.



    First, the Force quit, either from the Dock or the Apple menu, or the key sequence, solves this almost instantly. Second, why would you unplug the computer when you can simply hold down the power button to force a hard reboot (which really isn't necessary).

    But more importantly, can anyone here give a rational explanation as to how this is a 'vulnerability'???? as opposed to a simple bug. It seems that the security industry is (or has already) evolving into a mob type protection racket with all sorts of fear mongering. I always thought a DOS was something that was initiated from outside, not a user action, and tied up the network bandwidth. This is nothing more than the equivalent of an open for loop. Kill the process and get on with it. (And OSX gives you plenty of simple ways to kill the process)
  • Reply 8 of 9
    Marvin Posts: 15,326 moderator
    Quote:

    Originally posted by physguy

    But more importantly, can anyone here give a rational explanation as to how this is a 'vulnerability'???? as opposed to a simple bug. It seems that the security industry is (or has already) evolving into a mob type protection racket with all sorts of fear mongering. I always thought a DOS was something that was initiated from outside, not a user action, and tied up the network bandwidth. This is nothing more than the equivalent of an open for loop. Kill the process and get on with it. (And OSX gives you plenty of simple ways to kill the process)



    Maybe they define DOS to mean a method in which you can be denied access to a webserver. I think DOS attacks usually take down the server by say pinging them to death or whatever so users can't access the sites.



    Still, it is just a bug and it seems to already be fixed in webkit. Apple just needs to issue an update.



    I agree there seems to be a lot of people trying to make Mac users more afraid and hyping up security threats. It's a pain in the ass but what can you do?
  • Reply 9 of 9
    Quote:

    Originally posted by physguy

    But more importantly, can anyone here give a rational explanation as to how this is a 'vulnerability'???? as opposed to a simple bug. It seems that the security industry is (or has already) evolving into a mob type protection racket with all sorts of fear mongering. I always thought a DOS was something that was initiated from outside, not a user action, and tied up the network bandwidth. This is nothing more than the equivalent of an open for loop. Kill the process and get on with it. (And OSX gives you plenty of simple ways to kill the process)



    That is the whole point right there. This is not a vulnerability. This is a simple bug. It is a bug that was squashed with the most recent WebKit Nightly build. This will (more than likely) go away with the next Safari update.