New flaw crashes Safari, Finder
updated 06:30 pm EST, Wed March 29, 2006
New flaw crashes Safari
A blogger has identified an apparent flaw in the Apple's Mac OS X graphics display engine, ImageIO, that will crash the company's Safari Web browser and other system applications, including the Finder. The flaw [link: warning, will crash Safari], posted by DrunkenBlog, crashes anything using the Mac OS X ImageIO API including Finder, Preview, and applications based on Webkit and WebCore -- Apple JavaScript/HTML display engine for Safari and other applications. ImageIO reportedly hangs during an EXIF routine, and images of the specified type are already floating around on the Web according to the blogger, who comments on Apple's general security standing. "I haven't met anyone within Apple that's been around awhile who wouldn't admit over beers that they'd be mighty nervous dropping OS X as it currently stands into the orgy Windows swims in, so I'm always amused at what shows up around the Web, and less amused by the pundits feeding it to them." The report notes that the bug -- which only affects Tiger and won't crash Camino or Firefox -- has been reported in Apple's system; however, as with most security issues, Apple has not publicly responded.












Muahhhahahaaaa...
03/29, 08:02pm reply
Check out the Dave Matthews video here... http://www.videocodezone.com/videos/d/dave_matthews_band/crash.html ...yes, it will also "Crash" Safari ;)
The Wolf
Dedicated MacNNer
Joined: Jul 2001
Damn
03/29, 10:43pm reply
Damn...
Damn.
Damn!
godrifle
Fresh-Faced Recruit
Joined: Jan 2006
Yes...
03/30, 02:09am reply
As long as I can remember, there have always been web sites that could cause browsers to crash. Hardly sounds like a big woop security problem to me (although clearly, I don't have the same exposure to Apple employees who've been around a good while, over beers, discussing the scenario of what-if Mac OS X was Windows... someone needs to grab a life with at least one hand and try to hang on tight).
dimmer
Mac Enthusiast
Joined: Feb 2006
JulesLt
03/30, 03:15am reply
The problem is that a LOT of Mac users try to persuade Windows users there are NO problems with OS X, rather than that the consequences of those problems are smaller.
S'funny that the thing everyone remembers about the Titanic is that it sank, but the compartmentalised hull design it pioneered was still better than what was before and has become the standard for ship design.
People like it when 'unbreakable' or 'unsinkable' systems break - presumably because most people have a bad grasp of risk, and thus translate it into 'thank god I'm on a good old single compartment vessel rather than one of these new unsinkable ships'.
(Although the flipside of the lesson is 'if you think you are secure, you may engage in risky behaviour and go full-speed through an ice-flow').
JulesLt
Fresh-Faced Recruit
Joined: Jul 2005
Re: Titanic
03/30, 07:06am reply
Ironically, if the Titanic *had* steamed full-speed through the iceberg instead of attempting to go around at the last minute (thereby striking the side of the hull), it's believed that it would not have sunk.
As you say, Jules, poor grasp of risk and avoidance techniques seems to be the key issue.
Geobunny
Grizzled Veteran
Joined: Oct 2000
DIDN'T CRASH!
03/30, 07:48am reply
I clicked the link and saw the image (a Jag town car) just fine.
Safari 1.3.2 (v312.6) Osx 10.3.9
sadmachine
Fresh-Faced Recruit
Joined: Jun 2004
Only in Tiger
03/30, 09:10am reply
sadmachine, It shouldn't have, since you were using 10.3 (Panther), the story specifically mentions that the flaw only effects 10.4 (Tiger).
Timetheus
Forum Regular
Joined: Jan 2006
WARNING: Finder Download
03/30, 01:20pm reply delete
Well, being the curious me, I wanted to see what crashing the Finder means so I downloaded the car picture to my desktop using Firefox. Well, I forgot that I had turned on preview icons or something like that so as soon as the download was complete, my Finder went into infinite crash and re-launch. I panicked a bit and then realised I could use Terminal to remove the file. I pity the Mac user who doesn't know how to use unix commands though!
conalho
Joined:
I'm not sure...
03/30, 02:56pm reply
...what the significance of this is:
"they'd be mighty nervous dropping OS X as it currently stands into the orgy Windows swims in."
Seems to me anyone would be nervous about launching their creation into something like that. Lord knows the Windows developers feel that way!
ADeweyan
Fresh-Faced Recruit
Joined: Mar 2004
why is it a...
03/31, 03:28am reply
"security issue" that Safari crashes due to a bug?
Why does Apple need to "respond" to it? They will no doubt respond to it by releasing a fix to this bug with the next incremental 10.4 update.
Once again, as with the "Apple does not have a security czar" angle, the entities who profit from security fears are pointing to things which are not actually security "flaws" in Mac OS X as "proof" that Mac OS X has security concerns. Stupid stuff like this makes me feel safer than ever with Mac OS X, because it is obvious they cannot point to an actual "real world" security threat.
kw99
Fresh-Faced Recruit
Joined: Nov 2001