toggle

AAPL Stock: 128.46 ( -1.96 )

Printed from http://www.macnn.com

Vulnerability in Window 7 64-bit may be exploited by Safari

updated 08:30 pm EST, Tue December 20, 2011

Gives attacker ability to run arbitrary code

Microsoft is said to be looking into a new vulnerability in the 64-bit version of Windows 7 that can be exploited through Apple's Safari web browser for Windows, according to a report on Threat Post. The flaw, reported a few days ago by an independent researcher on Twitter and confirmed by Secunia, would allow an attacker to run arbitrary code on victimized machines.

In the original message, the hacker (known as w3bd3vil) says feeding an iframe with a excessively large height property in Safari causes a Blue Screen of Death (BSOD). Further exploitation of the flaw could also execution of arbitrary code with kernel-mode privileges. In a later tweet, he clarified that it was the NtGdiDrawStream which is being called multiple times that is causing the crash in Windows 7.

Until Microsoft is able to correct the issue, the relative obscurity of Safari on Windows is the only protection against the attack. While Safari has an overall (approximately) ten percent share of the browser market, the vast majority of that figure comes from Mac users, where Safari is the default browser.

So far, the attack only works when launched through the Safari browser, but it is possible that the vulnerability could be exploited through other browsers as well. Safari is based on WebKit, which is also used in Google's Chrome and other less-popular Windows browsers. [via Threat Post]




by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...

OmniPlan (OS X, iOS)

We reviewed the Omni Group's most famous Mac software, a To Do app called OmniFocus, back in June 2014, and we were impressed. Some o ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

toggle

Most Commented