|Home » Industry Watch » The Technological
Safari Exploit Runs Windows Calculator
The sky has not fallen.
A number of sites have already published news of the proof of concept, claiming it's not known if this affects Safari on other platforms. But as things stand, it doesn't - the exploit was specifically crafted for Windows XP SP2 and only tested there.
The exploit does not seem to make any attempt at privilege escalation.
The proof of concept code has been published - it's contained in two HTML files. The first file simply opens the second as a popup and then closes it.
The comments to the second file reveal the following.
Apple Safari 4.0.5 parent.close() (memory corruption) 0day Code Execution Exploit
Bug discovered by Krystian Kloskowski (h07) <firstname.lastname@example.org>
Tested on: Apple Safari 4.0.5 / XP SP2 Polish
Shellcode: Windows Execute Command (calc)
Remote: Yes (POPUP must be enabled [Ctrl+Shift+K])
Just for fun ;)
Note the code is Windows-specific.
Apple haven't commented but it remains to be seen whether this code can be rewritten to hack at OS X. As OS X does not support Windows Calculator, things are calm for the moment.
El Reg quote good old Secunia as saying the vulnerability is 'highly cfical' [sic]. One interpretation is the mysterious phrase actually stands for 'highly superficial'.
But if this bottoms out in an error in WebKit then one may expect a fix in no time.
[Note: Secunia seem reluctant to openly disclose what platforms are affected. See the link below.]
The Register: Code-execution bug found in Apple Safari
US-CERT: Apple Safari window object invalid pointer vulnerability
Secunia: Apple Safari 'parent.close()' Code Execution Vulnerability