Apple's Safari browser contains a critical, unpatched bug that attackers can use to infect Windows PCs with malicious code, researchers at US-CERT and other security firms said today.
Hackers could compromise PCs with simple "drive-by" attack tactics, researchers added.
The vulnerability, first reported by Danish vulnerability tracker Secunia and confirmed by the United States Computer Emergency Readiness Team (US-CERT), was disclosed by Polish researcher Krystian Kloskowski on Friday. The bug is caused by an error in the handling of the browser's parent windows.
"This can be exploited to execute arbitrary code when a user visits a specially-crafted Web page and closes opened pop-up windows," said Secunia's alert.
More: http://pcworld.com/article/196033/
Hackers could compromise PCs with simple "drive-by" attack tactics, researchers added.
The vulnerability, first reported by Danish vulnerability tracker Secunia and confirmed by the United States Computer Emergency Readiness Team (US-CERT), was disclosed by Polish researcher Krystian Kloskowski on Friday. The bug is caused by an error in the handling of the browser's parent windows.
"This can be exploited to execute arbitrary code when a user visits a specially-crafted Web page and closes opened pop-up windows," said Secunia's alert.
More: http://pcworld.com/article/196033/