A previously undisclosed security vulnerability affecting the Windows version, and possibly the Mac version, of Safari has been published by the United States Computer Emergency Readiness Team (US-CERT). The flaw could allow an attacker to execute arbitrary code on the user's machine if the user visits a web page containing specially crafted JavaScript.
More specifically, the issue exists because Safari allows HTML DOM window references to remain usable after the underlying window object has been deleted. That dangling reference is a use-after-free condition: by manipulating it from JavaScript, an attacker can execute arbitrary code with the privileges of the browser process.
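To make the bug class concrete, here is an added illustration (not Safari's code, and not a reproduction of the reported exploit) of why a reference that outlives its object is dangerous. A toy renderer keeps window objects in a fixed slab so that a closed window's storage is deterministically reclaimed, modelling the heap spray an exploit uses to land attacker-controlled bytes on a freed object. The vulnerable path keeps a raw pointer and calls through it after close; the hardened path keeps a (slot, generation) handle and validates it against bookkeeping that lives outside the reclaimable storage. All names (`Window`, `SlotMeta`, `heap_spray`, `window_resolve`) are invented for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a renderer's window objects (hypothetical; not Safari's code).
 * Storage is a fixed slab so that a closed window's slot is deterministically
 * reused, the way an exploit sprays the heap to reclaim a freed object. */
#define SLOTS 4
#define NAME_LEN 32

typedef struct {
    char name[NAME_LEN];
    void (*on_message)(const char *msg); /* function pointer: the classic UAF target */
} Window;

typedef struct {
    bool live;           /* slot currently holds a live Window */
    uint32_t generation; /* incremented on every reuse of the slot */
} SlotMeta;

static Window   slab[SLOTS]; /* object storage, reclaimable after close */
static SlotMeta meta[SLOTS]; /* renderer-owned bookkeeping, outside reclaimable storage */

static int hijacked_calls;

static void benign_handler(const char *msg) { printf("window received: %s\n", msg); }
static void attacker_handler(const char *msg) { (void)msg; hijacked_calls++; }

static void reset_model(void) {
    memset(slab, 0, sizeof slab);
    memset(meta, 0, sizeof meta);
    hijacked_calls = 0;
}

/* Open a window in the first free slot; returns the slot index or -1. */
static int window_open(const char *name) {
    for (int i = 0; i < SLOTS; i++) {
        if (!meta[i].live) {
            meta[i].live = true;
            meta[i].generation++;
            snprintf(slab[i].name, NAME_LEN, "%s", name);
            slab[i].on_message = benign_handler;
            return i;
        }
    }
    return -1;
}

/* Close a window. Like free(), this releases the storage without scrubbing it. */
static void window_close(int slot) { meta[slot].live = false; }

/* Attacker-controlled allocation landing in freed storage (constructed heap spray). */
static int heap_spray(const Window *payload) {
    for (int i = 0; i < SLOTS; i++) {
        if (!meta[i].live) { slab[i] = *payload; return i; }
    }
    return -1;
}

/* VULNERABLE: the script-side reference is a raw pointer that outlives the window. */
int vulnerable_scenario(void) {
    reset_model();
    int s = window_open("popup");
    Window *stale = &slab[s];                 /* script keeps a reference...        */
    window_close(s);                          /* ...the window object is destroyed... */
    Window payload = { "AAAA", attacker_handler };
    heap_spray(&payload);                     /* ...and its storage is reclaimed     */
    stale->on_message("hello");               /* use-after-free: attacker's pointer runs */
    return hijacked_calls;                    /* 1 */
}

/* HARDENED: the script-side reference is (slot, generation), validated on every access. */
typedef struct { int slot; uint32_t generation; } WindowRef;

static Window *window_resolve(WindowRef r) {
    if (r.slot < 0 || r.slot >= SLOTS) return NULL;
    if (!meta[r.slot].live || meta[r.slot].generation != r.generation) return NULL;
    return &slab[r.slot];
}

int hardened_scenario(void) {
    reset_model();
    int s = window_open("popup");
    WindowRef ref = { s, meta[s].generation };
    window_close(s);
    Window payload = { "AAAA", attacker_handler };
    heap_spray(&payload);
    Window *w = window_resolve(ref);          /* NULL: slot is no longer live */
    if (w) w->on_message("hello");
    int s2 = window_open("other");            /* legitimately reuses the same slot */
    w = window_resolve(ref);                  /* still NULL: generation has moved on */
    if (w) w->on_message("hello");
    WindowRef fresh = { s2, meta[s2].generation };
    w = window_resolve(fresh);
    if (w) w->on_message("hello");            /* benign handler runs for the live window */
    return hijacked_calls;                    /* 0 */
}

int main(void) {
    printf("vulnerable: attacker handler called %d time(s)\n", vulnerable_scenario());
    printf("hardened:   attacker handler called %d time(s)\n", hardened_scenario());
    return 0;
}
```

The design point is that the validity metadata (`meta`) is kept apart from the storage an attacker can reclaim; if the "live" flag sat inside the window object itself, the spray could simply set it. Real browsers achieve the same effect with reference counting or weak handles to the underlying object rather than a slot table, but the invariant is identical: no script-visible reference may outlive the object without being checked.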
Although exploits for this vulnerability have been seen “in the wild,” Apple has yet to fix the problem, so users of the Windows and Mac versions of Safari may remain vulnerable until a patch is released. Until then, users can reduce their exposure by disabling JavaScript (which removes the trigger), avoiding untrusted links, and running Safari from a non-administrative user account. The last measure does not prevent exploitation, but any code the attacker runs inherits only that account's privileges, so it cannot perform operations that require administrative rights.
