'Highly critical' bug found in latest version of Safari

A flaw has been found in the latest Windows version of Apple's browser that could dupe users into downloading malicious code onto their PCs.

Safari logo

A "highly critical" zero-day flaw has been discovered in the latest version of Apple's Safari browser that could allow attackers to infect Windows PCs with malicious code.

The vulnerability, discovered by Polish security researcher Krystian Kloskowski on Friday, was first reported by Danish vulnerability tracking service Secunia and confirmed by the US Computer Emergency Readiness Team (US-CERT). It has been confirmed for version 4.0.5 of Safari for Windows, while there are unconfirmed reports that the latest Mac version may also be vulnerable.

According to Secunia's alert, which rated the vulnerability "highly critical" the second highest rating in its five-step threat-assessment system the bug is caused by an error in the handling of the browser's parent windows, and can result in a "function call using an invalid pointer".

Attackers can subsequently exploit the vulnerability by creating a malicious website and enticing users to visit the page, unwittingly downloading malicious code onto their computers by visiting the site and closing opened pop-up windows.

US-CERT added that another scenario could see attackers duping users into opening rigged HTML-based emails within Safari.

Apple has yet to respond to the reports. Until a patch has been issued, US-CERT advises disabling Javascript on affected versions of the browser to reduce the threat. This can be done in Safari's Preferences menu.

While Kloskowski's original report included a proof-of-concept build, so far there have been no reports of any real-world attempts to exploit the vulnerability.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022