Safari Security Flaws Found Immediately
Safari for Windows had only been released a matter of hours before “security researchers” began hammering away at it.
Thor Larholm wrote a PoC exploit in just 2 hours, and shared his method and thoughts in “Safari for Windows, 0day exploit in 2 hours”. The attack can use an installed Firefox application and the Gopher URL protocol (other “attack vectors” besides these could be available), but the actual vulnerability lies in Safari. Thor also provides a direct link to a page that WILL crash your Safari browser on Windows just to demonstrate!
Aviv Raff was able to locate a memory corruption bug by running Hamachi (“a community-developed utility for verifying browser integrity, written by H D Moore and Aviv Raff”). More can be found at “Apple Safari for Windows - Out with a crash”.
David Maynor found 6 bugs (4 DoS and 2 remote code execution), and reported them in his appropriately named article: “Niiiice…”.



October 17th, 2007 16:38
[...] The iPod Touch has officially been cracked to allow third party applications to be installed. This is something Apple definitely did NOT want. The main part of the process is a TIFF exploit found in Safari. When the browser is pointed towards http://jailbreak.toc2rta.com (full instructions may be found here), Safari crashes and the door is open to begin the iTouch “Jailbreak” hack. This is NOT the first security vulnerability found in Safari. [...]
November 29th, 2007 13:21
Hi, my name is disman-kl, I like your site and I'll be back
December 19th, 2007 23:00
Oh, and did not know about it. Thanks for the information …