funsec mailing list archives
Serious Flaw on OS X in Apple Safari
From: "Fergie" <fergdawg () netzero net>
Date: Tue, 21 Feb 2006 01:09:06 GMT
Via The SANS ISC Daily Handler's Diary.

[snip]

We received notice from Juergen Schmidt, editor-in-chief at heise.de, that a serious vulnerability has been found in Apple Safari on OS X. "In its default configuration shell commands are execute[d] simply by visiting a web site - no user interaction required."

This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article:
http://www.heise.de/english/newsticker/news/69862

Proof of concept from the original discoverer (Michael Lehn):
http://www.mathematik.uni-ulm.de/~lehn/mac.html

[snip]

http://isc.sans.org/diary.php?storyid=1138

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.