NEWS FROM THE LAB - Tuesday, June 12, 2007

Safari Vulnerabilities
Posted by SGMasood @ 15:11 GMT

Thor Larholm

Safari for Windows that is…

Thor Larholm has discovered a remote command execution vulnerability in Safari for Windows (Beta), just a day after the browser was released. The vulnerability is caused by Safari's failure to validate user-supplied strings before passing them as parameters to external URL protocol handlers. It can be exploited to execute arbitrary code on a victim's computer simply by getting them to view a malicious web page in Safari.

Some other vulnerability researchers have reportedly discovered more remote command execution vulnerabilities in Safari. However, as of now, only the vulnerability discovered by Larholm can be independently confirmed.
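
The validation failure described above, sketched as an added example (this is not code from Safari or from Larholm's report). The handler template, the scheme allowlist, the `handler.exe` name and both sample URLs are assumptions made for illustration, and `shlex` only approximates how a quote-aware parser splits a command line.

```python
import re
import shlex
from urllib.parse import urlsplit

# Assumptions for this sketch: a handler registered with a quoted "%1" template,
# and an allowlist of schemes the browser will pass to external handlers.
HANDLER_TEMPLATE = '"handler.exe" "%1"'
ALLOWED_SCHEMES = {"mailto", "news"}
# URI characters minus quotes and backslash; anything else must be percent-encoded.
SAFE_URL = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&()*+,;=%]+")

# Constructed sample inputs, not taken from any advisory.
BENIGN = "mailto:user@example.com?subject=hello"
MALFORMED = 'mailto:user@example.com" --example-flag "x'


def naive_command_line(url: str) -> str:
    """The flawed pattern: the URL is pasted into the template unchecked."""
    return HANDLER_TEMPLATE.replace("%1", url)


def argument_count(command_line: str) -> int:
    """Count the arguments a quote-aware parser would see."""
    return len(shlex.split(command_line))


def validate_external_url(url: str) -> str:
    """Return the URL unchanged if it is safe to hand over, else raise."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed for external handlers: {scheme!r}")
    if not SAFE_URL.fullmatch(url):
        raise ValueError("URL contains characters that must be percent-encoded")
    return url


def handler_argv(url: str) -> list[str]:
    """Hardened launch: the validated URL is exactly one argv element."""
    return ["handler.exe", validate_external_url(url)]


if __name__ == "__main__":
    for sample in (BENIGN, MALFORMED):
        print("naive argument count:", argument_count(naive_command_line(sample)))
        try:
            print("hardened argv:", handler_argv(sample))
        except ValueError as err:
            print("rejected:", err)
```

With the unchecked substitution, the second sample's embedded quote ends the URL argument early and the handler receives extra arguments; the validated path rejects it before any handler is launched.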