Sign in with
Sign up | Sign in
Your question
Closed

New Remotely Exploitable Vulnerability Found in 64-bit Win7

Tags:
  • Windows 7
Last response: in News comments
Share
a b $ Windows 7
December 22, 2011 8:06:57 AM

Only on Safari?
Score
23
December 22, 2011 8:10:13 AM

Quote:
An independent researcher has discovered a remotely exploitable vulnerability in Windows 7 that's linked to Apple's Safari browser.


Who the hell uses Safari on Windows? :lol:  Dismissed!
Score
36
Related resources
a b $ Windows 7
December 22, 2011 8:14:42 AM

Well, it had to be the best Antivirus in town too.... :) 
Score
0
December 22, 2011 8:16:08 AM

I think this is a move from Apple to screw Microsoft :lol: 
Score
22
December 22, 2011 8:19:39 AM

nice try apple but we arent that stupid :non: 
Score
24
December 22, 2011 8:23:14 AM

Safari - ahahahahahahahaha
Score
26
December 22, 2011 8:27:37 AM

The actual vulnerability is in the NtGdiDrawStream function in the win32k.sys.

Other browsers or programs that call this function might be vulnerable, too.
Score
12
December 22, 2011 8:37:45 AM

nikorrOnly on Safari?

Quote:
So far there's no indication that the three most popular browsers -- Internet Explorer (40.63-percent), Chrome (25.69-percent) and Firefox (25.23-percent) -- share a similar vulnerability when used in Windows 7.
Score
3
December 22, 2011 8:38:40 AM

Who the hell actually uses safari in windows? herpaderp.
Score
23
December 22, 2011 8:41:06 AM

amk-aka-phantomWho the hell uses Safari on Windows? Dismissed!

Quote:
As of November 2011, the Safari browser commanded only 5.92-percent of the browser market, so there doesn't seem to be a potential widespread problem.

Not that many, apparently. I installed it once just to see it, but have since then have had to reformat my computer due to a black screen, which I'm sure is unrelated, considering I never launched Safari since I'd installed and looked at it.
Score
4
December 22, 2011 8:43:03 AM

If this is a Safary only issue, it is a no problem, actually. market share of Safari in Windows 7 is irrelevant, though I'm sure MS will address the issue as if it was an actual menace.
Score
13
December 22, 2011 9:18:38 AM

not too long ago, when i went to a review website, one of the ads tried to execute a malformed java, inturn to run a exe file threw safari. Well the exe file terminated as I have execution disable bit enabled on my athlon 64bit/Vista 64bit.

I reported the virus to microsoft. And it was one they never sae yet.

So I say, safari has their proplems. Also upgrading to the latest version of safari, bricks your itunes/safari, so it can't access the internet. THe new safari uses multiple threads to download from the internet and render pages, well that engine has bugs and wont work on all computers, so I had to downgrade my safari.

I am just thankful for execution disable bit.
Score
2
December 22, 2011 9:46:47 AM

Microsoft: We have a workaround .. delete anything from Apple that may be on your system.
Score
18
December 22, 2011 10:08:42 AM

qefxMicrosoft: We have a workaround .. delete anything from Apple that may be on your system.


Straight! Hate servicing Windows machines with Apple software installed - a ton of junk in the Startup that has to be disabled... "NO, don't touch this, this is APPLE, this is for my iPod!!!" - if you're dumb enough to install all that bloatware for your iPod, at least make sure that it doesn't spawn 10 more things to slow down your system like it normally does.
Score
11
December 22, 2011 10:28:54 AM

Surely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?
Score
4
December 22, 2011 11:01:44 AM

DaveUKSurely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?


In the interest of playing devils advocate, based solely on the article (specifically this line: ""The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.") I'd say they simply haven't tested for it on other browsers/versions of Windows. While that doesn't mean other browsers ARE affected, it also doesn't mean they AREN'T.

We'll have to wait and see what these researchers find.

Also, I laughed inside when Kevin made a point to say "independent" researchers. There's almost no such thing anymore.
Score
1
December 22, 2011 11:06:41 AM

Windows is a Swiss OS, always has been. If not no third party program could get kernel privileges. I'll stick with Linux or OS X for my real computing and leave Windose for games.
Score
-4
December 22, 2011 11:20:18 AM

So Apple creates a vulnerability in Windows and you title the article:

"New Remotely Exploitable Vulnerability Found in 64-bit Win7"

Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"

Trying to blame MS for an Apple created issue, pretty weak writing.
Score
3
December 22, 2011 11:40:17 AM

I use vista 64 ulltimate(stop laughing at me) am i also effected?
Score
3
December 22, 2011 11:46:38 AM

silentbobdcSo Apple creates a vulnerability in Windows and you title the article:"New Remotely Exploitable Vulnerability Found in 64-bit Win7"Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"Trying to blame MS for an Apple created issue, pretty weak writing.


The vulnerability is actually in a function that's part of Windows.

If Safari can call that function and execute arbitrary code, then so can other programs.
The vulnerability is there and crafty hackers will find ways to exploit it if Microsoft gives them enough time.
Score
5
December 22, 2011 12:41:03 PM

shqtth...a[n] exe file threw safari...

How far did the exe throw it? Did it throw it through a wall or something?
Score
6
December 22, 2011 1:33:36 PM

Big image in Safari and API function call, NtGdiDrawStream

// Private draw stream interface
__kernel_entry W32KAPI BOOL APIENTRY
NtGdiDrawStream(
__in HDC hdcDst,
__in ULONG cjIn,
__in_bcount(cjIn) VOID *pvIn
);

I am sure all the hackers need to do is launch some sort of kenel monitor andd see how Safari uses this function, the check other browsers, javascript, etc and find a way to emulate the same "blow the stack" condition.
Score
3
December 22, 2011 1:49:02 PM

and people always asked why i hate safari... and it also said this vulnerability was in windows 7 pro. not home premium or ultimate, most peopel that aren't on business computers dotn use pro. (i said MOST, dont troll)
Score
0
a b $ Windows 7
December 22, 2011 2:25:12 PM

People use safari on windows?
Score
4
December 22, 2011 2:37:36 PM

Apple software always causes my Windows 7 machines to have issues. This is just another example of their poor programming for Windows platform
Score
0
December 22, 2011 2:50:12 PM

I use it for developing sometimes...
Score
0
December 22, 2011 4:45:04 PM

This is a security flaw similar to what Charlie Miller has been taking advantage of at the PWN2OWN contests for the past couple of years. Basically, Safari can run any application or code unchecked on any device it has been installed on.

Old news is no news. Then again this news has nothing to do with a flaw in Windows. It's a flaw with Safari.
Score
-2
December 22, 2011 4:46:34 PM

amk-aka-PhantomWho the hell uses Safari on Windows? Dismissed!

I use to use Safari on Windows. Till i took a sword to the chest.
Score
1
December 22, 2011 5:46:18 PM

sissysueWindows is a Swiss OS, always has been. If not no third party program could get kernel privileges. I'll stick with Linux or OS X for my real computing and leave Windose for games.


In hacking competitions, OS X is ALWAYS the first to go down. Why? Because of Safari. None of the big boys (Linux, Windows, OS X) are breakable in a stripped down system with nothing but essential software. OS X goes down in the Tier 2 test where all standard installed software for the given OS is included while Windows and Linux remain unbroken.
Score
3
a b $ Windows 7
December 22, 2011 6:15:04 PM

Another reason to stay away from Safari. I use Chrome myself.
Score
1
December 22, 2011 6:23:23 PM

It just works... doesn't it?
Score
5
December 22, 2011 7:20:08 PM

here is the flaw " Apple Safari browser"....when is apple going to admit that their OS is shit?
Score
-2
December 22, 2011 7:24:09 PM

datawreckerThen again this news has nothing to do with a flaw in Windows. It's a flaw with Safari.


Cripes... did you read the article? The OS is not supposed to allow an application -- even a turd application like Safari -- to gain privileged mode.
Score
2
December 22, 2011 9:27:29 PM

Windows and Safari don't belong in the same sentence
Score
1
December 22, 2011 10:01:11 PM

Easy fix for MS... they should do what Apple did to Adobe Flash and prevent Safari (or any other Apple trash) from running on Windows.
Score
1
December 23, 2011 12:52:13 AM

Here's the thing about this: WinRT in Windows 8 will make this, and many other exploits impossible. Apple will have to start over with iTunes to really make it shine on Windows for Metro UI - and they have to, because Windows users are their biggest customer base.
Score
0
Anonymous
a b $ Windows 7
December 23, 2011 2:26:27 AM

sitting here, reading this, in safari, on windows 7 home premium 64 bit...
Score
0
December 23, 2011 3:05:56 AM

datawrecker said:
I use to use Safari on Windows. Till i took a sword to the chest.


You mean, an arrow to the knee :lol: 
Score
1
December 23, 2011 11:48:38 AM

So basically, this exploit affects the 10 people that have Safari for Windows installed?
Score
2
December 23, 2011 9:15:32 PM

Apple Safari browser in Windows.. YUCK
Score
1
December 24, 2011 10:38:14 AM

soundping said:
Apple Safari browser in Windows.. YUCK


Fixed!

Wait...

soundping said:
Apple Safari browser in Windows.. YUCK


NOW fixed for real.
Score
2
January 3, 2012 12:20:49 PM

damn....who the hell uses Apple's bullshit on Windows...to hell with Apple and their software.It's Windows territory...there's Chrome,Firefox,Opera and many other browsers available...to hell with ...err...what was that called....right..Safari...
Score
0
!