Windows Enterprise Desktop

Dec 23 2011   4:26PM GMT

Safari iFRAME Exploit Leads to Zero-Day BSOD, Possible Remote Execution at Kernel Level



Posted by: Ed Tittel
Tags:
Safari may be subject to serious zero-day exploit via iFRAME
Secunia reports arbitrary code execution at kernel level possible from Apple Safari iFRAME vulnerability

Secunia posted Advisory SA47327 earlier this week, which explains that a specially-crafted Web page instantly crashes 64-bit Windows 7 Professional running the Apple Safari Web browser for Windows. According to the advisory “The vulnerability is caused due to an error in win32.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an iFRAME with an overly large “height” attribute viewed using the Apple Safari browser.” The bulletin goes onto say that “successful exploitation may allow execution of arbitrary code with kernel-level privileges, presumably in the form of some post-crash recovery executable. The original discovery (and an instance of an “overly large value” appears in a Twitter post from 12/18/2011 by @w3bd3vil aka “webdevil”).

Here’s a novel workaround for those concerned about this vulnerability until Apple comes out with a fix: turning on Developer Tools in Safari apparently eliminates iFRAME support (see this Apple Support Communities discussion: “iFrame works until I turn on developer tools in Safari…” for more information and instructions). OTOH, hackademix.net states that “Safari can’t be secured 100% against clickjacking” so one had better hope that this workaround truly turns off iFRAME altogether (hurry up testing on my three PCs with Safari installed appear to confirm this, albeit in a very small sample).

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: