Posted on 02/03/2015 12:12:35 PM PST by Swordmaker
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Do you know what a "Sandbox" means? The most the vulnerability can do is CRASH Safari. That is all any code execution can do. . . it cannot reach the OS or any other data or apps running. Just exactly what I told you. Not much.
Yes, I am a professional software developer, and I know what a "Sandbox" is. And I know the code in the typical browser is so complicated that it's impossible to know exactly what it does, especially since they accept "broken HTML" by choice.
That's why Safari's sandbox has been bypassed before, as in the case with this vulnerability (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism ...).
And don't think I am taking this out on Macs, because I just happen to own a few, and my primary dev box is a MacBook Pro with Yosemite.
My point is, running remote code in a browser is dangerous, period.
And Safari is Version 8.0.3.
Netflix runs fine on iPads and iPhones, no Flash involved.
Didn’t Steve Jobs express his “disdain” for Flash? Didn’t he warn of both the resource hogging and security vulnerabilities it opened up - all as just part of why he chose to not support Flash directly?
Are Adobe programmers former MS employees? Good grief!