The security issue affects current version of Safari (v. 4.0.5) for Microsoft Windows (confirmed) and probably for Mac. Earlier versions of Safari might also be vulnerable. Successful exploitation of the issue leads to remote code execution or exposure of victim’s private data. Secunia has released advisory SA39670, which explains that the flaw exists because of ‘a use-after-free error when handling pop-up boxes created from a child window’ which can result in a function call using an invalid pointer. It is also stated that it ‘can be exploited to execute arbitrary code when a user visits a specially crafted web page’. Another issue mentioned is that Safari includes HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a “Location” header).

Secunia’s advisory includes the full exploit code available to public in Original Advisory section. The vulnerability is not patched yet, so Secunia advices Safari users to disable Javascript, do not follow unsolicited links and do not authenticate to sites which use redirections using HTTP basic authentication.

CVE Reference: CVE-2010-1939

Miller and some of his colleagues found a vulnerability in the mobile version of the well known web browser Safari that would allow an attacker to control the iPhone. Apple was immediately notified and later issued a patch for the bug.

The significance of Miller’s finding is that it works with unpatched versions of the iPhone as the devices are sold in stores. Researchers have shown a greater ability to manipulate iPhones that are “jailbroken,” the term for phones that have been modified to allow installation of applications not vetted by Apple. Those jailbroken phones have fewer protections on the device’s memory, Miller said.

He also contends that the latest version of the iPhone OS is pretty secure. But now that knowledge of the vulnerability is out there, you can be sure that someone will be trying to find a way to take advantage of it.