US-CERT uncovers JavaScript security vulnerability in Safari
The United States Computer Emergency Readiness Team (<a href="http://www.us-cert.gov/">US-CERT</a>) has found a security hole in Safari, with which a hacker could run arbitrary code at the privilege level of the current user account if the victim visits a malicious Web page.
The United States Computer Emergency Readiness Team (US-CERT) has found a security hole in Safari, with which a hacker could run arbitrary code at the privilege level of the current user account if the victim visits a malicious Web page.
Outlined Monday on the CERT Web site, this problem happens because Safari fails to properly handle references to window objects in the HTML DOM, and allows DOM window references to exist even if the corresponding window object has been deleted. The remaining reference pointer can be used by JavaScript to run code and be used to exploit the user. Apparently there are already public exploits available for this vulnerability.
So far the problem has been confirmed to be on the Windows version of Safari; however, it could also exist on the Mac.
There are no known fixes as yet, and it will be up to Apple to fix the problem fully with a Safari update. In the meantime, there are several things you can do to both reduce the potential harm from exploits of this vulnerability, as well as prevent it from being used.
Use nonadministrative accounts.
This vulnerability is only able to run code with the permissions of the current user on the system. If you are using an administrative account, then there is more potential for harm from an exploit.
Disable Javascript.
Unfortunately most Web sites use JavaScript, but disabling it definitely prevent this problem from occurring. One option may be to disable JavaScript, and then when you visit a Web site that uses JavaScript, enable it just for that session. This would be time-consuming, but it's one way to prevent an exploit from running.
Be wise.
The best advice for any browser, is to not follow random links from spam, forums, chat rooms, or pop-up windows. Check the spelling of links (you can right-click and copy them to better examine them) and see if there are any misspellings, the use of offshore hosting servers, use of IP addresses instead of DNS names, and very long URLs. If any of these exist in a link, avoid them. If you are looking for a specific company, use a reputable search engine or go directly to the company's Web site.
Regardless of the vulnerability, if you are not browsing malicious Web sites, then your risk will be minimal.
Questions? Comments? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.