Free Republic


1 posted on 01/15/2009 1:39:43 AM PST by Swordmaker


To: 1234; 50mm; 6SJ7; Abundy; Action-America; acoulterfan; aristotleman; af_vet_rr; Aggie Mama; ...
Mac OS X.5 Leopard and Windows Safari RSS security issue—PING!

This has not been vetted for legitimacy, but Brian Mastenbrook does have a background in finding vulnerabilities. However, I suspect this is a buffer overflow type issue. If the RSS feeds use the regular data stack area, then there is little damage a buffer overflow could do because on Macs the data stack is non-executable. Any malicious command embedded in the overflow could not execute. Also, the command locations, say for the system command to load or open a file, are randomized so that any such command to jump to a system call would land purely randomly and be unlikely to hit on anything damaging.

Windows Safari users might be more at risk.


Apple Safari Ping!

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 01/15/2009 1:50:39 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")

To: Swordmaker
The only workaround available for users of Safari on Windows is to use a different web browser.
Love it!
3 posted on 01/15/2009 1:52:24 AM PST by ComputerGuy (not my real name)

To: Swordmaker

I really like Firefox on my MacBook Pro


4 posted on 01/15/2009 6:22:57 AM PST by Tribune7 (Obama wants to put the same crowd that ran Fannie Mae in charge of health care)
