Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Microsoft

ozmanjusri's Journal: Safari flaw could allow remote code execution on Windows

Journal by ozmanjusri
Microsoft is warning that the flaw in Apple's Safari browser which we discussed here can be used to run malicious code on client computers.

Security researcher Aviv Raff used an existing flaw in Microsoft's internet explorer in the exploit, which was demonstrated to tech journalists.

IDG News Service tested Raff's demonstration attack code, which runs Windows Calculator on a victim's system. For the attack to work, a victim must first visit a maliciously crafted Web page with the Safari browser, which in turn will trigger the carpet bombing attack and exploit the IE flaw.

The flaw, which was originally reported the IE flaw to Microsoft more than a year ago, is rated as a moderate vulnerability, as is that of Safari. When combined however, they produce a critical flaw which allows remote code execution.

This discussion has been archived. No new comments can be posted.

Safari flaw could allow remote code execution on Windows

Comments Filter:

If at first you don't succeed, you must be a programmer.

Working...