Nineteen days after Safari allowed a hacker to gain access to OS X, Apple released a browser patch. The patch also fixes a cross-site scripting vulnerability. The contest attack appears to have been a result of a heap overflow due to the way WebKit handles JavaScript regular expressions.
Apparently, the contest results have been the same for two years in a row, according to Slashdot. Looking deeper, though, last year's exploit was due to a QuickTime vulnerability that was accessed from Safari, not Safari itself.