Juan Pablo Lopez Yacubian posts - Defense in Depth

April 23, 2008 10:01 AM PDT

Safari users may be subject to crashes or interactions with an attacker's malicious site, according to a warning posted on Tuesday on BugTraq .

Researcher Juan Pablo Lopez Yacubian is credited with finding multiple vulnerabilities in Apple Safari 3.1.1 for Windows. Other versions of Safari may also be affected.

Among the vulnerabilities cited are a denial-of-service (crash) vulnerability caused by a write-access violation, a denial-of-service (crash) vulnerability caused by a read-access violation, and a third vulnerability that allows attackers to spoof the content contained in the address bar. A full write up can be found here .

In a separate mailing to Bugtraq, Juan Pablo Lopez Yacubian says he was also able to use a similar exploit to crash Mozilla Firefox 3 beta 5.

That said, the general workaround is not to use Safari 3.1.1 for Windows until Apple issues a fix. Versions of Firefox 2.x and Opera are recommended.

Topics:: Browsers and extensions,; Security

Tags:: security,; Apple,; Safari,; Windows,; Juan Pablo Lopez Yacubian,; Firefox 3 beta 5

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Deep Tech
'Don't-be-evil' Google spurns no-evil software
One open-source software programmer's joke--'The Software shall be used for Good, not Evil'--is a serious matter at Google.
Gallery
A real-world test of Google Goggles visual search (photos)
Wireless
AT&T resumes online iPhone sales in NY
It's once again safe to order an iPhone through AT&T's Web site if you live in New York, after an unexplained halt was enforced in the area over the weekend.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Behind the scenes of CBS's NFL coverage
Software, Interrupted
Android and iPhone users not so different after all
Android and iPhone usage patterns look very much alike. Can RIM and others keep up with the way users want to user their mobile devices.
Video
Deep-sea volcanic explosion--part 2 (video)
The Social
Facebook COO nominated to Disney board
Sheryl Sandberg, who has been chief operating officer of the social network for nearly two years now, will join the board if shareholders approve in March.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
Top-rated reviews of the week (photos)
Crave
Speculating on Chrome OS Netbook specs
If rumored specs for the Netbook prove true, it will house a Nvidia Tegra platform with an ARM CPU, a 10.1-inch multitouch screen that support HD, and much more.
Green Tech
Smart-grid spending to hit $200 billion by 2015
Technologies to automate and upgrade the grid will capture most of the $200 billion invested in modernizing electrical power systems, says Pike Research.

Defense in Depth

Apple Safari vulnerable to multiple attacks

Most Popular

15 sites that went kaput in 2009

Top 10 news stories of the decade

About Defense in Depth

Defense in Depth topics

Antivirus

Audio and video

Bots and botnets

Browsers and extensions

Chat and e-mail

Criminal Hackers

Mobile

Networking

Phishing

Rootkits

Security

Spyware

Storage

Uncategorized

Most Discussed

Inside CNET News