New Remote Flaw In 64-Bit Windows 7
Trailrunner7 writes "Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim's machine."
Headline.. Flaw in APPLE Safari for windows found (Score:4, Insightful)
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
So, wait, is this a Win7 exploit or a Safari exploit?
Re:So all 5 of you running Safari on Windows (Score:4, Insightful)
It shouldn't matter.
The OS simply should not melt because Apple can't code its way out of a wet paper bag.
A real OS should simply not fall apart just because the users or programmers are idiots or malicious.
It's an Apple exploit. (Score:3, Insightful)
Shouldn't the posting have the Apple graphic instead of Microsoft?
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
Perhaps both, definitely a bug in win7. If something the unprivileged safari process does crashes the kernel, we know there must be a bug in win7.
Re:So all 5 of you running Safari on Windows (Score:4, Insightful)
That's going to be one hell of a locked down OS. Will it be able to run anything at all?
I don't think I'd call this remote (Score:5, Insightful)
Remote to me means "it's connected, you're vulnerable". This requires the user to take an action, getting some local data. From the description, you could have the same files on the file system and it would work.
Bad? Yeah. But not "plug it in, computer is pwned" bad.
Re:So all 5 of you running Safari on Windows (Score:3, Insightful)
Well so much for every operating system ever created.
Re:Silly (Score:5, Insightful)
Missing the point. Point is that userland code (and the example uses Safari but what should it matter *what* program activates it - it shouldn't be possible and can probably be easily activated by any sort of direct code) creates a BSOD in Windows.
That shouldn't happen - that's the whole point of an OS.
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.
So, they blame win32k.sys - but apparently the actual bug is that you can cause something resembling a buffer overflow by feeding Safari a ridiculously large bit of data as an iFrame.
Could go either way.
Should go both ways.
Apple should fix the Safari bug so it doesn't mishandle IFRAMEs with "overly large" "height" attributes.
Microsoft should fix the in-kernel graphics code so you can't use it to break into the system.
Re:So all 5 of you running Safari on Windows (Score:2, Insightful)
It didn't cause a crash, it allowed the execution of arbitrary code, which is probably worse.
We don't even know if the exploit occurred in the Windows API, or some of the crapware that Safari drags along with it.
None of the other WebKit browsers can cause the same exploit so it may well not be in the core of Safari at all, but rather in one of the helper drivers that get installed when you install Safari and iTunes, like Bonjour or iPod helper processes. Some of those things can't be easily sandboxed because they install as drivers.
This isn't the first instance of Safari being a vector to a Windows vulnerability.
Re:So all 5 of you running Safari on Windows (Score:2, Insightful)
Depends on the context that that code runs in. If the arbitrary code is running under the same context as the app, then it's an app exploit. If the exploit is able to run something in an Administrator or kernel context, then that's an OS exploit.
Re:So all 5 of you running Safari on Windows (Score:4, Insightful)
Microsoft should fix the in-kernel graphics code so you can't use it to break into the system.
As a game developer, I need graphics code to be low level, fast, and insecure. There are times I just need it to be a rocketship without handrails.
If there is a way to secure it without sacrificing speed, that's great! But doing a great deal of error checking on that level? Leave me some insecure route to blitting billions of bits to the screen without guardrails please.
Sure, as long as 1) only the applications that absolutely positively need this do their graphics through that API and other apps can't even get at that API under any circumstances (so if the app has a bug nobody can inject code to enable it) and 2) applications that do can be marked as "DANGER DANGER WILL ROBINSON IF THIS APP HAS A BUG YOU MIGHT BE SERIOUSLY PWNED". There might be a tradeoff between your requirements and the requirements of security, and the best resolution for that tradeoff might not be in your favor....