'Highly critical' bug found in latest version of Safari
A flaw has been found in the latest Windows version of Apple's browser that could dupe users into downloading malicious code onto their PCs.
A "highly critical" zero-day flaw has been discovered in the latest version of Apple's Safari browser that could allow attackers to infect Windows PCs with malicious code.
The vulnerability, discovered by Polish security researcher Krystian Kloskowski on Friday, was first reported by Danish vulnerability tracking service Secunia and confirmed by the US Computer Emergency Readiness Team (US-CERT). It has been confirmed for version 4.0.5 of Safari for Windows, while there are unconfirmed reports that the latest Mac version may also be vulnerable.
According to Secunia's alert, which rated the vulnerability "highly critical" the second highest rating in its five-step threat-assessment system the bug is caused by an error in the handling of the browser's parent windows, and can result in a "function call using an invalid pointer".
Attackers can subsequently exploit the vulnerability by creating a malicious website and enticing users to visit the page, unwittingly downloading malicious code onto their computers by visiting the site and closing opened pop-up windows.
US-CERT added that another scenario could see attackers duping users into opening rigged HTML-based emails within Safari.
While Kloskowski's original report included a proof-of-concept build, so far there have been no reports of any real-world attempts to exploit the vulnerability.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now