[Thane_Banquo]

when opened in Apple's Safari web browser

Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.

[ShadowAce]

Then the title should read...

While I am no fan of Apple, the title is correct.

An application should not be able to crash the system.

[dayglored]

> Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.

Oh, bull. A userland application like Safari (or any other application) should be able to make a mistaken, stupid, or malicious system call (e.g. "Crash System NOW") and the operating system should refuse to do so. It's the OS's responsibility to refuse to do bad things.

What if the "application" were a malicious piece of software? You're really claiming that the "security flaw" is in the hacker's code?

Geez, fella. Learn something about computer security before you make stupid accusations.

[st.eqed]

Ok, so what happens when the same html is run on OS X? Windows flaw.

[Michael Barnes]

Incorrect. There is a flaw in the kernel allowing user space applications to fault memory, Safari just happens to be the app that has uncovered it.

[cynwoody]

Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.

Safari is just an application. It takes a Windows apologist to advocate patching a system security hole by changing an application. If Windows were not broken, Apple's app would simply have crashed. There would have been no blue screen and no opportunity for a hacker to own the system.

The blame is 100% on Microsoft. Apple deserves kudos for exposing the hole (intentionally or not, LOL)!

[xkcd2]

The problem is Windows' failure to properly respond to the bad HTML. The specific browser is beside the point -- no browser should be able to pass that kind of bad code to a properly functional OS.