
Printed from http://www.macnn.com

Vulnerability in Windows 7 64-bit may be exploited by Safari

updated 08:30 pm EST, Tue December 20, 2011

Gives attacker ability to run arbitrary code

Microsoft is said to be looking into a new vulnerability in the 64-bit version of Windows 7 that can be exploited through Apple's Safari web browser for Windows, according to a report on Threat Post. The flaw, reported a few days ago by an independent researcher on Twitter and confirmed by Secunia, would allow an attacker to run arbitrary code on victimized machines.

In the original message, the hacker (known as w3bd3vil) says feeding an iframe with an excessively large height property in Safari causes a Blue Screen of Death (BSOD). Further exploitation of the flaw could also allow execution of arbitrary code with kernel-mode privileges. In a later tweet, he clarified that the crash in Windows 7 is caused by NtGdiDrawStream being called multiple times.

Until Microsoft is able to correct the issue, the relative obscurity of Safari on Windows is the only protection against the attack. While Safari has an overall share of approximately ten percent of the browser market, the vast majority of that figure comes from Mac users, where Safari is the default browser.

So far, the attack only works when launched through the Safari browser, but it is possible that the vulnerability could be exploited through other browsers as well. Safari is based on WebKit, which is also used in Google's Chrome and other less-popular Windows browsers. [via Threat Post]




by MacNN Staff
