Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers. Download this whitepaper now and get a chance to receive FREE XenServer HP Select Edition Software. Sponsored by HP, Citrix, and Intel.

Rethinking the Datacenter Sponsored by HP Today's datacenters need to increase utilization, get control over power and cooling costs, and align with business objectives. Download this eBook to learn about the challenges facing the data center in a world where digital information is growing at a torrid pace and costs are being held in check. Learn more. »     Putting the Green into IT Sponsored by HP Electricity use in data centers is skyrocketing, sending energy bills through the roof, creating environmental concerns and generating negative publicity. "Going Green" means looking to technologies like virtualization, energy-efficient chips and racks, and implementing policies that extend beyond the data center. Learn more. »     Managing the Modern Network Sponsored by HP In a global economy where information crosses the globe in an instant, and where Web-based applications power business, it's more important than ever to ensure your network is safe from threats and optimized to deliver the data your business needs. »     Evaluating Software as a Service for Your Business Sponsored by Webroot Is Software as a Service just hype, or is something really going on here? See if your company can benefit as SaaS tries to change the face of the enterprise. »     Is Your Disaster Recovery Plan Good Enough? Sponsored by HP Preparing for a disaster is more often than not part of the storage planning process, and it is one of the most difficult tasks, since it includes local hardware and software, networking equipment, and a test plan. Learn how to get disaster recovery right. »

eSecurity Glossary biometrics encryption keylogger malware phishing RFID security spyware virus worm Search for more eSecurity terms ...

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Apple's Safari Still a Sitting Duck?
February 24, 2006
By Sean Michael Kerner

For a typical Windows user, seeing a US-CERT advisory for an OS flaw is not a rare experience.

Welcome to the party, Mac users. US-CERT has issued a Cyber Security for you now, too.

US-CERT Cyber Security Alert SA06-053A follows the center's vulnerability note, which addressed the recently discovered Mac OS X Safari Command Execution Vulnerability.

At press time, the exploit remains unpatched, and, if appropriate precautions are not taken, it could lead to arbitrary code being run on a Mac automatically via Apple's Safari Web browser if a user visits a malicious site.

An Apple spokesman told internetnews.com that Apple takes security very seriously and is currently working on a fix so that this doesn't become something that could affect customers.

The spokesperson advised that Mac users should exercise discretion and only accept files from vendors and Web sites that they know and trust.

There are apparently a few public exploits for the vulnerability currently roaming at large.

"IDefense has reported on public exploits for this vulnerability, such as the Metasploit Framework safari_safefiles_exec.pm code," Ken Dunham director of the Rapid Response Team at iDefense, told internetnews.com.

Metasploit is an open source tool that greatly simplifies vulnerability testing of exploit code.

"This increases the likelihood of exploitation, but widespread exploitation has not been identified to date," Dunham added.

This article was first published on InternetNews.com. To read the full article, click here.

Tools:

Add www.esecurityplanet.com to your favorites Add www.esecurityplanet.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed

eBook: Evaluating Software as a Service for Your Business. Sponsored by Webroot
Increase your reach with unlimited Webinars for one low rate. Try GoToWebinar FREE.
Is secure, available data a challenge? Try Symantec Online Backup free for 30 days.
Learn about expanding business opportunities for the reseller channel. Visit IT Channel Planet.
Whitepaper: Enterprise Information Integration--Deployment Best Practices for Low-Cost Implementation