Text Size
Security issue in Apple's Safari?
updated 10:35 am EST, Thu December 22, 2005
Safari security flaw
An alleged security issue in Mac OS X that could allow users to attack any Mac system with the software installed. [updated 12:05 pm ET]
Update: One MacNN reader, however, says that the flaw is no more than a bug: "It is a crashing bug, but certaily does not look line a security issue in any way, shape or form. A better way to write it would be: 'A maliciously constructed web page giving a preposterous rowspan in a table can cause the KHTML parser to crash.'" The reader says that a maliciously crafted HTML page would cause a large enough array to crash the application ("in true Unix fashion"), however, it is unclear if--or how--it could allow execution of arbitrary code."
This one was fixed...
12/22, 11:24am reply
This one was fixed not long ago in the nightlies...if I'm not mistaken. I'm guessing it was an easy fix.
Horsepoo!!!
Banned
Joined: Jun 2003
In other words...
12/22, 11:25am reply
The Mac is safer without third party virus protection ;)
Deal
Mac Enthusiast
Joined: Apr 2001
Nightlies?
12/22, 11:45am reply
What nightlies are you talking about? Safari has 'em? This isn't some SourceForge project we're talking about here...
ebow
Fresh-Faced Recruit
Joined: Oct 2001
Google it
12/22, 11:56am reply
Google is your best friend, ebow.
apple safari nightly
-Sapridyne
sapridyne
Fresh-Faced Recruit
Joined: Jun 2003
Of coource
12/22, 12:02pm reply
I knew that, I knew that... Just, er, testing you. http://nightly.webkit.org/builds/
ebow
Fresh-Faced Recruit
Joined: Oct 2001
Interesting
12/22, 12:17pm reply
If it is already fixed in the nightlies, it was probably "discovered" by someone watching the WebKit-Dev list where a crasher was discussed recently.
If this is the same flaw, I find it terribly funny that someone rushed out to get "credit" for it.
sdf
Fresh-Faced Recruit
Joined: Aug 2004
True MacNN
12/22, 01:06pm reply
Well, MacNN never lets the facts get in the way of a good (or old) story! Sigh!
Feathers
Forum Regular
Joined: Oct 1999
Re: interesting
12/22, 02:07pm reply
If it is already fixed in the nightlies, it was probably "discovered" by someone watching the WebKit-Dev list where a crasher was discussed recently.
If this is the same flaw, I find it terribly funny that someone rushed out to get "credit" for it.
Why is it 'funny'. It isn't important to tell people of a possible security flaw, just because its been fixed in a set of code only few people get? I guess we should find it funny for any Windows XP flaws that were fixed in the Vista software, because, h***, its basically fixed!
Oh, and just because they're in the nightlies doesn't mean that they'll be in the next release of 10.4. It may take months to see a fix, if one is ever released. (Hard to say with Apple, since they're response to security is usually a mumbled "Hey, we've fixed some bugs" followed by a "What? 10.3? We might make a fix for it, but don't hold your breath").
testudo
Fresh-Faced Recruit
Joined: Aug 2001
Geocities site
12/22, 03:04pm reply
I hit a link to take me to a Geocities site the other night. The damn thing crashed Safari repeatedly, screwed up the prefs and even turned off Cocoa Gestures. Never seen anything like it before. Hope I never see it again.
nitram_again
Fresh-Faced Recruit
Joined: Nov 2001
Yes, funny.
12/22, 03:21pm reply
With an update expected in only a few weeks, and the crash not a security flaw, I find it funny... yes, funny... that someone would run to the press with it, claim to have discovered it and claim it's a security flaw.
sdf
Fresh-Faced Recruit
Joined: Aug 2004