Security Bugs Found In Apple Safari, Opera Browser
The Apple Safari vulnerability stems from the way parent windows are handled, which can result in a "function call using an invalid pointer," according to a Secunia advisory Monday.
Attackers can exploit the vulnerability by creating a malicious website and enticing users to visit the page, typically through some kind of social engineering ploy. Users will then download malicious code onto their computers by visiting the site and closing opened pop-up windows.
Thus far, the glitch is confirmed in Safari 4.0.5 for Windows, but other versions may be affected.
Apple has yet to issue a patch for the vulnerability. The U.S. Computer Emergency Readiness Team suggests that users disable JavaScript until a fix is released. However, the best advice Secunia can give to users is to avoid following untrusted or unsolicited links to websites.
Meanwhile, Safari isn’t the only browser riddled with security bugs. Opera also warned users Monday about an “extremely severe” security flaw in its browser that could also expose users to remote code execution attacks and system crashes.
"Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed," the Opera advisory warned.
The vulnerability, which affects both Windows and Mac, was fixed in the updated Opera 10.53.