Wednesday, June 13, 2007

Apple's (AAPL) Safari: Security Experts Easily Find Multiple Bugs

In the now-classic Apple(AAPL) commercials, Mac Guy occasionally remarks to PC Guy that Macs don't have the security Relevant Products/Services problems of PCs. But now, Mac Guy might have PC Guy's problems. Within hours of Monday's announcement that Safari 3 beta was available for Windows, three security blogs identified vulnerabilities in the Apple-made browser.

While Apple's marketing information suggests Safari has been "designed to be secure from day one," security experts Aviv Raff, David Maynor, and Thor Larholm found otherwise -- in some cases simply by opening a malicious Web site in Safari.

Bloggers Unveil Issues

Writing on the Errata Security blog, David Maynor said on Monday that using "publicly available tools," he and associates found "six bugs in an afternoon; four DoS and two remote code execution bugs." DoS refers to a denial-of-service attack in which packets of data can overwhelm and then crash a computer.

The bugs work not only on the Windows version of Safari, Maynor wrote, but also on the version for Apple's OS X. "Same code base for a lot of stuff," he said.

Maynor said that his disclosure policy was to "give vendors as long as they need to fix problems." But "if the vendor is unresponsive" or makes threats, he wrote, after 30 days he will release the full details. In any case, he said, the information on the vulnerabilities will not be sold to a third party.

Thor Larholm, on his blog, wrote today that, within two hours of downloading, installing, and using Safari for Windows, he found a "fully functional command execution vulnerability, triggered without user interaction simply by visiting a Web site."

He pointed out that Safari was originally designed for tight integration with OS X, but "the breadth of knowledge is crippled when the software is released on other systems and mistakes and mishaps occur." When Apple released Safari for Windows, he noted, the company neglected to implement Windows-specific URL protocol handlers. The result is that a malicious user can "break out of the intended confines and wreak havoc."

On his blog,, Aviv Raff said that he found "memory corruption" that "might be exploitable," although he added that he'll "have to dig more to be sure of that."

Hackers have long wanted to get their hand on the iPod and you can bet the iPhone is just too tempting for them. With the planned integration between the browser and the devices, the security breaches in Safari will open that door. How long before Microsoft's (MSFT) PC guy has his own commercial out there?

Full Article Here

blogger templates | Make Money Online