Safari Plagued by Highly Critical Vulnerability, Secunia Announces
Article by George Norman
On 11 May 2010
Version 4.0.5 of the Apple-developed Safari web browser is plagued by a highly critical security vulnerability, announced Secunia, a Danish company that specializes in providing software for vulnerability management and is best known for tracking the latest security threats and offering info about patches.

It has been confirmed that the highly critical vulnerability in question affects the Windows version of Safari 4.0.5. Other versions of the browser may be affected as well. If exploited by a person with malicious intent, the vulnerability could allow for remote code execution: if an attacker sets up a specially crafted website, remote code execution could follow when the user visits that website and closes a popup window.


Here is the exact description of the vulnerability as provided by Secunia: “An error in the handling of parent windows can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.”

Secunia advises users not to visit untrusted websites and not to click on links that come from untrusted sources.

According to Secunia there is a second security issue in Apple Safari; this issue could lead to exposure of sensitive information. “The security issue is caused due to Safari including HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a "Location" header),” explained Secunia. This security issue has been confirmed in Safari 4.0.5 for Windows as well. It is not yet known if this security issue affects other browser versions – it is possible though.

Back in March, Cupertino-based software developer Apple rolled out version 4.0.5 of its Safari web browser. At the time of the release, Safari 4.0.5 fixed a grand total of 16 security vulnerabilities.

UPDATE March 12: The United States Computer Emergency Readiness Team (US-CERT) has also issued an advisory on this issue.





Tags: Secunia, Apple, Safari, Vulnerability, Security
About the author: George Norman
George is a news editor.