Posted by: Ed Tittel
Safari may be subject to serious zero-day exploit via iFRAME, Secunia reports arbitrary code execution at kernel level possible from Apple Safari iFRAME vulnerability
Secunia posted Advisory SA47327 earlier this week, which explains that a specially-crafted Web page instantly crashes 64-bit Windows 7 Professional running the Apple Safari Web browser for Windows. According to the advisory “The vulnerability is caused due to an error in win32.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an iFRAME with an overly large “height” attribute viewed using the Apple Safari browser.” The bulletin goes onto say that “successful exploitation may allow execution of arbitrary code with kernel-level privileges, presumably in the form of some post-crash recovery executable. The original discovery (and an instance of an “overly large value” appears in a Twitter post from 12/18/2011 by @w3bd3vil aka “webdevil”).
Here’s a novel workaround for those concerned about this vulnerability until Apple comes out with a fix: turning on Developer Tools in Safari apparently eliminates iFRAME support (see this Apple Support Communities discussion: “iFrame works until I turn on developer tools in Safari…” for more information and instructions). OTOH, hackademix.net states that “Safari can’t be secured 100% against clickjacking” so one had better hope that this workaround truly turns off iFRAME altogether (hurry up testing on my three PCs with Safari installed appear to confirm this, albeit in a very small sample).