toggle

AAPL Stock: 113.29 ( + 0.37 )

Printed from http://www.macnn.com

Vulnerability in Window 7 64-bit may be exploited by Safari

updated 08:30 pm EST, Tue December 20, 2011

Gives attacker ability to run arbitrary code

Microsoft is said to be looking into a new vulnerability in the 64-bit version of Windows 7 that can be exploited through Apple's Safari web browser for Windows, according to a report on Threat Post. The flaw, reported a few days ago by an independent researcher on Twitter and confirmed by Secunia, would allow an attacker to run arbitrary code on victimized machines.

In the original message, the hacker (known as w3bd3vil) says feeding an iframe with a excessively large height property in Safari causes a Blue Screen of Death (BSOD). Further exploitation of the flaw could also execution of arbitrary code with kernel-mode privileges. In a later tweet, he clarified that it was the NtGdiDrawStream which is being called multiple times that is causing the crash in Windows 7.

Until Microsoft is able to correct the issue, the relative obscurity of Safari on Windows is the only protection against the attack. While Safari has an overall (approximately) ten percent share of the browser market, the vast majority of that figure comes from Mac users, where Safari is the default browser.

So far, the attack only works when launched through the Safari browser, but it is possible that the vulnerability could be exploited through other browsers as well. Safari is based on WebKit, which is also used in Google's Chrome and other less-popular Windows browsers. [via Threat Post]




by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

Wren V5US Wireless Sound System

If you're a music fanatic, chances are you are, by extension, a bit fanatical about what you listen to your music on. If you're like ...

toggle

Most Commented