US-CERT Alert: Public Exploit Code for a Vulnerability in Apple Safari Browser, Remortgages

US-CERT Alert: Public Exploit Code for a Vulnerability in Apple Safari Browser

US-CERT Alert: Public Exploit Code for a Vulnerability in Apple Safari Browser

February 21, 2006 -- US-CERT is aware of publicly available exploit code for a vulnerability in Apple Safari Browser. The Apple Safari browser will automatically open "safe" file types, such as pictures, movies, and archive files. A system may be compromised if a user accesses an HTML document that references a specially crafted archive file. Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary commands with the privileges of the user.
More information can be found in the following US-CERT Vulnerability Note:

* VU#999708 - Apple Safari may automatically execute arbitrary shell commands

Although there is limited information on how to fully defend against this exploit, US-CERT recommends the following mitigation:

* Disable the option "Open 'safe' files after downloading," as specified in the Securing Your Web Browser document.

We will continue to update current activity as more information becomes available.

Source: US-CERT

[ Comment, Edit or Article Submission ]

Remortgages

US-CERT Alert: Public Exploit Code for a Vulnerability in Apple Safari Browser

US-CERT Alert: Public Exploit Code for a Vulnerability in Apple Safari Browser

Share this:

More about:

New Posts on Blog

References: