An alleged security issue in Mac OS X affects Apple's Safari browser and TextEdit applications under all versions of Mac OS X and could allow malicious users to crash the running applications and possibly compromise the system.
Security Protocols, which rates the flaw with 'medium' severity, reveals that "denial of service vulnerability exists within the KHTMLParser on Mac OS X 10.4.3 and all prior versions which allows for an attacker to cause the application which uses this class to crash, and or execute arbitrary code on the targeted host." The report says that when running a specially crafted .html file, "khtml::RenderTableSection::ensureRows" improperly parses the data and causes the crash. The website provides an example of the code and also says that Apple has been notified. Earlier today, we noted that Symantec admitted that its NAV solution has an exploitable flaw that could allow users to attack any Mac system with the software installed. [updated 12:05 pm ET]
Update: One MacNN reader, however, says that the flaw is no more than a bug: "It is a crashing bug, but certainly does not look like a security issue in any way, shape or form. A better way to write it would be: 'A maliciously constructed web page giving a preposterous rowspan in a table can cause the KHTML parser to crash.'" The reader says that a maliciously crafted HTML page would cause a large enough array to crash the application ("in true Unix fashion"), however, it is unclear if--or how--it could allow execution of arbitrary code.
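The root cause described above is a table span value that the renderer trusts when sizing its row array. The following is an added example, not code from the report or from KHTML: a content check that flags `rowspan`/`colspan` values a parser should reject or clamp. The limits are those of the current HTML Living Standard, used here as an assumed threshold, and the sample markup is constructed.

```python
from html.parser import HTMLParser

# Upper bounds from the current HTML Living Standard (assumed threshold here).
MAX_SPAN = {"rowspan": 65534, "colspan": 1000}

def classify(name, raw):
    """Return a reason string if the span value is unsafe, else None."""
    text = (raw or "").strip()
    if not text.isascii() or not text.isdigit():
        return "not a non-negative integer"
    digits = text.lstrip("0") or "0"
    limit = MAX_SPAN[name]
    # Compare lengths first so absurdly long digit strings are never converted.
    if len(digits) > len(str(limit)) or int(digits) > limit:
        return f"exceeds limit of {limit}"
    return None

class SpanAuditor(HTMLParser):
    """Collects <td>/<th> span attributes that should not reach a layout engine."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, tag, attribute, raw value, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("td", "th"):
            return
        line, _ = self.getpos()
        for name, raw in attrs:
            if name in MAX_SPAN:
                reason = classify(name, raw)
                if reason:
                    self.findings.append((line, tag, name, raw, reason))

def audit(html):
    parser = SpanAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: two valid cells, one oversized, one negative, one at the limit.
SAMPLE = """<table>
<tr><td rowspan="2">ok</td><td colspan="3">ok</td></tr>
<tr><td rowspan="4294967295">oversized</td></tr>
<tr><th colspan="-1">negative</th><td rowspan="65534">at limit</td></tr>
</table>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```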
apple safari nightly
-Sapridyne
If this is the same flaw, I find it terribly funny that someone rushed out to get "credit" for it.
Why is it 'funny'? It isn't important to tell people of a possible security flaw, just because it's been fixed in a set of code only few people get? I guess we should find it funny for any Windows XP flaws that were fixed in the Vista software, because, hell, it's basically fixed!
Oh, and just because they're in the nightlies doesn't mean that they'll be in the next release of 10.4. It may take months to see a fix, if one is ever released. (Hard to say with Apple, since their response to security is usually a mumbled "Hey, we've fixed some bugs" followed by a "What? 10.3? We might make a fix for it, but don't hold your breath").