Apple + Security & Privacy

Secunia is reporting that a highly critical Safari flaw has been found that affects Safari for Windows, and that may affect the Mac version of the web browser.

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.

For now, this is reported on Safari 4.0.5 for Windows, but it is highly possible that it affects the Mac version as well, since the two programs share a large part of their code base. We’re keeping an eye on this to see how it progresses, as this is the kind of vulnerability that can be exploited when a user simply visits a web page.