toggle

AAPL Stock: 101.58 ( + 0.72 )

Printed from http://www.macnn.com

Vulnerability in Window 7 64-bit may be exploited by Safari

updated 08:30 pm EST, Tue December 20, 2011

Gives attacker ability to run arbitrary code

Microsoft is said to be looking into a new vulnerability in the 64-bit version of Windows 7 that can be exploited through Apple's Safari web browser for Windows, according to a report on Threat Post. The flaw, reported a few days ago by an independent researcher on Twitter and confirmed by Secunia, would allow an attacker to run arbitrary code on victimized machines.

In the original message, the hacker (known as w3bd3vil) says feeding an iframe with a excessively large height property in Safari causes a Blue Screen of Death (BSOD). Further exploitation of the flaw could also execution of arbitrary code with kernel-mode privileges. In a later tweet, he clarified that it was the NtGdiDrawStream which is being called multiple times that is causing the crash in Windows 7.

Until Microsoft is able to correct the issue, the relative obscurity of Safari on Windows is the only protection against the attack. While Safari has an overall (approximately) ten percent share of the browser market, the vast majority of that figure comes from Mac users, where Safari is the default browser.

So far, the attack only works when launched through the Safari browser, but it is possible that the vulnerability could be exploited through other browsers as well. Safari is based on WebKit, which is also used in Google's Chrome and other less-popular Windows browsers. [via Threat Post]




by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Autodesk Smoke 2015

Since May of this year, Autodesk has been shipping the highly anticipated update to its high-end post-production video editing suite, ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

toggle

Most Commented