All Blogs • eWEEK • BASELINE • CHANNEL INSIDER • CIO INSIGHT • Microsoft WATCH • LINUX WATCH • RESOURCE LIBRARY

Home | Got a Tip? | Archive | All Blogs | eWeek Newsbreak

Home >> Apple >> Apple's Newly Patched WinSafari Springs New Leak

June 17, 2007 7:52 PM

Apple's Newly Patched WinSafari Springs New Leak

Security researcher Robert Swiecki has found yet another hole in WinSafari—this time in the newly patched 3.0.1 version that Apple hurried out in response to holes Swiecki and others found in the browser beta earlier last week.

This vulnerability can be exploited with a malicious Web site, where an attacker can fill in a victim's URL bar with whatever address he or she chooses. An attacker can also fill the client browser window with arbitrary content.

Swiecki tested the vulnerability on what he called the "shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2."

Another security researcher, Mark Senior, reported that he tested the vulnerability on OS X, Safari 2.0.4, OmniWeb 5.5.4, and Camino 1.0.3 but, although all "have different behaviors," none is vulnerable, he said.

Apple hadn't responded to requests for comment by the time this posted.

Posted by Lisa Vaas on June 17, 2007 7:52 PM

View all of Apple, Browsers, Flaws, Microsoft Windows

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/11167

Comments (1)

phil reusche :

I have tried to download Safari on a couple of machines. It does not find any URL's. Firefox and IE
work fine.

Forget it.

Phil

Posted by phil reusche | June 19, 2007 5:07 PM

Subscribe:

RSS 2.0

Security News

Apple

Browsers

Cisco

Corporate espionage

Disaster Planning

eBay

Exploits and Attacks

Flaws

Google

Identity Theft

Intrusion Detection/Prevention

Mergers and Acquisitions

Microsoft Windows

Open Source

Oracle

Patches

Phishing and Fraud

Privacy

Product Reviews

Rootkits

Spam

Virus and Spyware

Vulnerability Research

Security Watch Contact Us | Advertise | Site Map

Security:
Enterprise Security
Network Security
Infrastructure Security
How To: Data
IT Security News
Cheap Hack Blog
Security Watch Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
PC Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel Partners
Careers Blog
Value Added Resellers

More eWeek Links:
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Green IT
eWeek Magazine Subscriptions

Enterprise Websites:
ZDE Home
Baseline
Channel Insider
CIO Insight
eSeminars
eWeek Mid-Market
Publish Online
Web Buyers Guide

Developer Websites:
Dev Shed
DeveloperShed
ASP Free
MS DevSource
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
iGrep Search Engine
PDF Zone
Linux Watch

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt, and eWeek Security Watch are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
Hosted by Hostway.

TrackBack

Comments (1)

Post a Comment