Posted by: Samker
« on: 27. March 2008., 09:49:20 »An Argentinian security researcher has discovered two flaws in Apple's Safari for Windows browser.
Juan Pablo Lopez Yacubian said the vulnerabilities could allow hackers to remotely take control of a victim's computer.
He described the most serious flaw as a vulnerability in the Safari browser for Windows 3.1 which allows a hacker to “falsify the web address and enter another page or content".
This essentially means that even though you see a trusted URL in the browser address bar, the web page could be displaying unauthorised content that could put your PC at risk.
Security firm Secunia has given the flaws a 'highly critical' rating, the second highest rating on its scale.
The other flaw, said Secunia, is an error that occurs when downloading files with an overly long filename, which can be exploited to cause a memory corruption which could in turn allow a hacker to take control of the PC.
The problems are currently unpatched and Apple would not comment on the matter when approached by Web User.
The discovery follows criticism from Mozilla, developers of the Firefox browser, over the inclusion of the Safari browser in a software update issued by Apple to people who use iTunes on Windows-based PCs.
John Lilly, chief executive of Mozilla, said that it was "wrong" to push the browser on people who were simply trying to update iTunes.
"It undermines the trust relationship great companies have with their customers, and that's bad - not just for Apple, but for the security of the whole web," he wrote on his blog.
Safari version 3.1 was released by Apple last week.
(Copyright by IPC Media Limited)