Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

A simple HTML tag will crash 64-bit Windows 7
The Register ^ | John Leyden

Posted on 12/21/2011 10:18:07 AM PST by ShadowAce

An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.

The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.

Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple's Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.

The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user w3bd3vil, although the software giant is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7.

A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible. ®


TOPICS: Computers/Internet
KEYWORDS: collapse; computersecurity; default; depression; economy; hackers; html; vulnerability; windows
Navigation: use the links below to view more comments.
first 1-5051-56 next last

1 posted on 12/21/2011 10:18:12 AM PST by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 12/21/2011 10:18:57 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
when opened in Apple's Safari web browser

Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.

3 posted on 12/21/2011 10:22:29 AM PST by Thane_Banquo
[ Post Reply | Private Reply | To 1 | View Replies]

To: Thane_Banquo
Then the title should read...

While I am no fan of Apple, the title is correct.

An application should not be able to crash the system.

4 posted on 12/21/2011 10:23:39 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Thane_Banquo
> Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.

Oh, bull. A userland application like Safari (or any other application) should be able to make a mistaken, stupid, or malicious system call (e.g. "Crash System NOW") and the operating system should refuse to do so. It's the OS's responsibility to refuse to do bad things.

What if the "application" were a malicious piece of software? You're really claiming that the "security flaw" is in the hacker's code?

Geez, fella. Learn something about computer security before you make stupid accusations.

5 posted on 12/21/2011 10:27:15 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

So....I have the 64-bit version in my Toshiba Satellite laptop. Is there some kind of patch or other fix available from Microsoft?


6 posted on 12/21/2011 10:28:15 AM PST by gimme1ibertee ("Criticism......brings attention to an unhealthy state of things"-Winston Churchill)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

Microsoft always has a problem with a long jump to a far pointer

I have seen them screw that up every time


7 posted on 12/21/2011 10:29:36 AM PST by Mr. K (Physically unable to profreed <--- oops, see?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: gimme1ibertee

Any browser but Safari is your patch. And really who’s using the Apple browser on Windows.


8 posted on 12/21/2011 10:30:07 AM PST by discostu (How Will I Laugh Tomorrow When I Can't Even Smile Today)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Thane_Banquo

Ok, so what happens when the same html is run on OS X? Windows flaw.


9 posted on 12/21/2011 10:30:33 AM PST by st.eqed
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce
Ah, gotta love them Apple Haters.

The only people in God's Universe more rabid than Apple Cultists.

10 posted on 12/21/2011 10:31:57 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce
So who uses Safari as their browser on a Windows OS? I doubt Apple is too concerned about giving priority to that interoperability test.
11 posted on 12/21/2011 10:32:06 AM PST by NonValueAdded ("At a time like this, we can't afford the luxury of thinking!")
[ Post Reply | Private Reply | To 1 | View Replies]

To: discostu

Sounds like an easy fix to me.


12 posted on 12/21/2011 10:35:19 AM PST by BenKenobi (Honkeys for Herman! 10 percent is enough for God; 9 percent is enough for government)
[ Post Reply | Private Reply | To 8 | View Replies]

To: gimme1ibertee

Until something comes out, don’t use Safari.


13 posted on 12/21/2011 10:35:49 AM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Thane_Banquo

Incorrect. There is a flaw in the kernel allowing user space applications to fault memory, Safari just happens to be the app that has uncovered it.


14 posted on 12/21/2011 10:35:51 AM PST by Michael Barnes (Obamaa+ Downgrade)
[ Post Reply | Private Reply | To 3 | View Replies]

To: NonValueAdded

I use Safari occasionally.

But after upgrading to Safari 5, I began having problems with the computer hanging up and deleted it from my Windows 7 64 bit computer.


15 posted on 12/21/2011 10:37:15 AM PST by Ole Okie
[ Post Reply | Private Reply | To 11 | View Replies]

To: NonValueAdded

For sure.


16 posted on 12/21/2011 10:39:43 AM PST by b4its2late (Only two things are infinite, the universe and human stupidity, and I am not sure about the former.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: dayglored

Are you saying Apple’s Safari is a malicious piece of software?

I agree with you....When you down load an executable, you either give it permission to run on your system or you don’t. The OS cannot protect itself from user inflicted dumbsh!tness.....you ignorant puffed up smidgeon of blowfish sh!t


17 posted on 12/21/2011 10:40:20 AM PST by Electric Graffiti (Crush your enemies, see them driven before you, and hear the lamentation of their Moonbats)
[ Post Reply | Private Reply | To 5 | View Replies]

To: ShadowAce
Exceptionally POOR testing at micro$oft !

18 posted on 12/21/2011 10:44:10 AM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: gimme1ibertee

Yeah, that patch is called Linux.


19 posted on 12/21/2011 10:48:46 AM PST by BuckeyeTexan (Man is not free unless government is limited. ~Ronald Reagan)
[ Post Reply | Private Reply | To 6 | View Replies]

To: ShadowAce

So all 3 users of Safari are impacted. Yes this shouldn’t crash the system, but we do need to find out why it is before we blame MS. It will probably be a windows issue, but it is possible that safari introduced it.

Before anyone says a usermode app shouldn’t allow that...we don’t know if Safari did something at ring 0. It’s doubtful but it is possible.


20 posted on 12/21/2011 10:53:52 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

No the title is NOT correct. It should read Apple Safari web browser crashes Windows 7 x64.


21 posted on 12/21/2011 10:54:46 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Mr. K

Do you have valid examples of those problems going back to when Windows was written in C? It seems that Safari, an apple entity, has the problem here. Far pointers were common in Windows 3.1 and 16-bit windows in order to adequately access and utilize memory. With the advent of 32-bit systems and flat memory models the need for far pointers disappeared and specifying a pointer as far in 32 bit systems should generate an error. I believe that Win64 systems no longer support a Win16 sub-system so you should not be able to run Win16 apps on a 64-bit system.


22 posted on 12/21/2011 10:55:18 AM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 7 | View Replies]

To: dayglored

While this is most likely a Microsoft issue, it is possible that Safari installed itself in such a way to access Ring 0.


23 posted on 12/21/2011 10:56:45 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Thane_Banquo
Then the title should read "Apple's Safari has critical security flaw," but of course the Apple iPologist press would never admit that.

Safari is just an application. It takes a Windows apologist to advocate patching a system security hole by changing an application. If Windows were not broken, Apple's app would simply have crashed. There would have been no blue screen and no opportunity for a hacker to own the system.

The blame is 100% on Microsoft. Apple deserves kudos for exposing the hole (intentionally or not, LOL)!

24 posted on 12/21/2011 11:03:26 AM PST by cynwoody
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

Actually now that I watched the video and did a quick review of the blue screen it does look like a bug in win32k.sys.

It just took some of Apple’s shoddy code to expose some of Microsoft’s shoddy code.


25 posted on 12/21/2011 11:07:19 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

The fix is obviously to upgrade the operating system to OS X.


26 posted on 12/21/2011 11:09:46 AM PST by ctdonath2 ($1 meals: http://abuckaplate.blogspot.com/)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce; Thane_Banquo; dayglored; gimme1ibertee; Mr. K; discostu; st.eqed; NonValueAdded; ...

I am not a computer geek, but I have used a pc for almost 20 years now, and in those years I have seen the progression of pcs take me from knowing alot to making me stupid.

Currently I have a 64-bit pc runs with Vista’s OS. Before I purchased this pc, my old one used XP, and Safari was one of the browsers I used at times. So when I upgraded to this 64-bit with Vista I installed the software I wanted and Safari was the last thing I installed.

Well, within a week, my pc started shutting down and I even saw a few blue windows where IU was warned of problems. I immediately uninstalled safari and never had a problem again.

So the problem of Safari also seems to effect 64-bit windows that run Vista, at least it did for me. So to me this is nothing new.


27 posted on 12/21/2011 11:12:19 AM PST by OneVike (Just a Christian waiting to go home)
[ Post Reply | Private Reply | To 1 | View Replies]

To: OneVike

It wouldn’t surprise me. I don’t think the folks at Safari really intend for the program to be run under windows 7 et al. It’s true that an OS is supposed to work with most of what is there, it’s not the fault of the OS if a program crashes.


28 posted on 12/21/2011 11:22:15 AM PST by BenKenobi (Honkeys for Herman! 10 percent is enough for God; 9 percent is enough for government)
[ Post Reply | Private Reply | To 27 | View Replies]

To: ShadowAce
The offending script is just an IFRAME tag with an overly large height attribute.

A while back, I had an issue kind of like that on my Mac. I needed to check out an FRx report (part of the Microsoft Great Plains accounting system). So, I fired up a Windows virtual machine I hadn't used in months and tried to start FRx. It promptly bombed on some sort of arithmetic overflow error every time. It had worked fine in the same VM the last time I'd used it.

The VM was running full-screen on my new 30-inch external monitor. Wondering if that might be the problem, I switched the VM to run in a normal application window, which I sized to something like 1600x1200, the size of my old external monitor (down from 2560x1600 at full-screen). FRx then ran fine in its own window within the VM's window. It turned out what mattered was the overall screen size, not FRx's application window size.

29 posted on 12/21/2011 11:26:24 AM PST by cynwoody
[ Post Reply | Private Reply | To 1 | View Replies]

To: Thane_Banquo
The problem is Windows' failure to properly respond to the bad HTML. The specific browser is beside the point -- no browser should be able to pass that kind of bad code to a properly functional OS.
30 posted on 12/21/2011 11:39:49 AM PST by xkcd2
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce; Joya

HMMMMM

Perhaps . . . have you been using Safari?


31 posted on 12/21/2011 12:06:54 PM PST by Quix (Times are a changin' INSURE you have believed in your heart & confessed Jesus as Lord Come NtheFlesh)
[ Post Reply | Private Reply | To 1 | View Replies]

To: OneVike; ShadowAce; Thane_Banquo; dayglored; gimme1ibertee; Mr. K; discostu; st.eqed; ...
Well, within a week, my pc started shutting down and I even saw a few blue windows where IU was warned of problems. I immediately uninstalled safari and never had a problem again.

So the problem of Safari also seems to effect 64-bit windows that run Vista, at least it did for me. So to me this is nothing new.

I've been involved with the development, testing and installation
of operating systems for well over 45 years.
starting with OS/MVT through z/OS and
all flavors of Unix at Bell Labs

One of the fundamental rules of an operating systems is
that it can not be taken down by any application !
Any robust op/sys should be able to shed a rogue application program.

If any application program is able to crash an "operating system",
the "operating system" has fundamental flaws.
Complete systems and integration testing starting
at the module level should have taken place.

Microsoft system 7 and 8 are nothing
but variations on Windows NT.

Windows NT

I would recommend a robust op/sys such any variant of *nix

I defenestrated in 2002 switching to Mac OS X.

A robust Unix with the User Friendly interface of Apple.

Since the advent of Intel Mac there is no reason not to.


32 posted on 12/21/2011 12:07:29 PM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: OneVike

VISTA was horrible

Windows 7 is much better- install that as soon as possible


33 posted on 12/21/2011 12:07:47 PM PST by Mr. K (Physically unable to profreed <--- oops, see?)
[ Post Reply | Private Reply | To 27 | View Replies]

To: NonValueAdded
Well seeing as they try to push Safari to every user of iTunes with each update, I would think they should be very concerned with interoperability testing. FWIW I always make sure Safari is deselected before every apple update.
34 posted on 12/21/2011 12:14:37 PM PST by Woodman
[ Post Reply | Private Reply | To 11 | View Replies]

To: OneVike

Yep, but the system problems are a Safari problem and not 64-bit windows problem. The developers of Safari, for whatever reason did not bother to test, identify, or fix any issues its browser might have running in a 64-bit system. That is fine, it is primarily meant to be a Mac browser and if they don’t care about people who want to run it on a Win64 system then that is their business. Software developers who want their software to continue running on Macs will certainly address any issues with a new or updated OS and the same applies to Apple and its software. Mac is not expected to completely maintain backwards compatibility and neither is MS.


35 posted on 12/21/2011 12:17:05 PM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 27 | View Replies]

To: BenKenobi

Safari was written to run on other OS; it had to be for it to work on those systems and they need it to work with iTunes on other systems. On the side, I don’t install iTunes updates unless I absolutely have to because its effects on other than Mac OS seems to be unpredictable, causing BSOD and loss of iTunes data files. It sometimes seems akin to malware.


36 posted on 12/21/2011 12:22:37 PM PST by RJS1950 (The democrats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 28 | View Replies]

To: OneVike

Seems you knew about it before anyone else did.


37 posted on 12/21/2011 12:32:40 PM PST by b4its2late (Only two things are infinite, the universe and human stupidity, and I am not sure about the former.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: UriĀ’el-2012

There’s 2 great reasons not to get Macs:
1 - you can buy 2 solid PCs for the price of a Mac
2 - all the software is written for Windows. Yeah sure Mac can pretend to be Windows, but good luck getting support if there’s a problem, the companies support Windows, not pretending to be Windows.

Yeah Windows has problems. Whatever. It’s fast, it’s smooth, it’s actually pretty stable (I haven’t seen a blue screen in years), it’s cheap (if you’re at all connected to the industry it’s free legally), and there’s tons of software available. Sure you don’t get to be snooty about your OS, but only a pathetic loser takes pride in the OS on their computer anyway, and you wants to be one of them. Take the money you save buying a PC and go to the liquor store and learn to be snooty about something cool like scotch.


38 posted on 12/21/2011 1:51:08 PM PST by discostu (How Will I Laugh Tomorrow When I Can't Even Smile Today)
[ Post Reply | Private Reply | To 32 | View Replies]

To: OneVike

7 is basically Vista with less bugs, so anything that crashes 7 is probably gonna spike Vista too.


39 posted on 12/21/2011 1:54:07 PM PST by discostu (How Will I Laugh Tomorrow When I Can't Even Smile Today)
[ Post Reply | Private Reply | To 27 | View Replies]

To: b4its2late

As I said, I am an almost 20 year user, and in that time I have learned many lessons when dealing with pc troubles.

The biggest problems I always face, come from compatibility with programs I have installed. So I try to install programs slowly to see if there is a compatibility problem. I never take a chance.

Mainly, because I hate pc troubles, so much so I am considering going to Mac next time I get a new computer.

Anyway, I give it a while before adding new programs so I can see if things are doing good. If I have trouble, I start with removing the last software I installed then go from there. If it fixes the trouble, and 95% of the time it does, I consider it a buyer beware problem.

If it does not fix the problem, then I consider it must be my pc that is the problem. Many friends and relatives have had problems with identical software and OS that I never had, and vise verse. It all boils down to programming, manufacturing, electricity, and user usage.

As a rule I do not get discombobulated over things so much so that I end up calling tech support, unless the machine is brand new. Usually if it is new, I demand a replacement, because I will not work with anything that has problems fresh out of the pack. That is just asking for continued trouble.

So if the problem seems to be a software problem, especially if that software is free like browsers are, then no one usually knows but me until I read an article like this.


40 posted on 12/21/2011 2:02:38 PM PST by OneVike (Just a Christian waiting to go home)
[ Post Reply | Private Reply | To 37 | View Replies]

To: discostu
7 is basically Vista with less bugs, so anything that crashes 7 is probably gonna spike Vista too.

That is pretty much what I figured out at the time I removed the browser and the problem ceased to exist. So I stay away from Safari.
41 posted on 12/21/2011 2:05:29 PM PST by OneVike (Just a Christian waiting to go home)
[ Post Reply | Private Reply | To 39 | View Replies]

To: discostu
There’s 2 great reasons not to get Macs: 1 - you can buy 2 solid PCs for the price of a Mac 2 - all the software is written for Windows. Yeah sure Mac can pretend to be Windows, but good luck getting support if there’s a problem, the companies support Windows, not pretending to be Windows.

Yeah Windows has problems. Whatever. It’s fast, it’s smooth, it’s actually pretty stable (I haven’t seen a blue screen in years), it’s cheap (if you’re at all connected to the industry it’s free legally), and there’s tons of software available. Sure you don’t get to be snooty about your OS, but only a pathetic loser takes pride in the OS on their computer anyway, and you wants to be one of them. Take the money you save buying a PC and go to the liquor store and learn to be snooty about something cool like scotch.

You can buy two or three Fiats or Yugos
for the price of a Ford or Chevy.

For less than a bottle of Lagavulin,
you can port your entire windows machine
into VMware Fusion window.
One can cut and paste across machines.
Share file systems between machines.
Share I/O devices across machines.

One can sandbox your Windows
machine from the Internet.

OBTW you will find out what the
technical term:
Benutzerfreundlichkeit means.

The ROI is far better on a Mac than a PC any PC.

Networking is absolutely seamless with OS X.

But you are an IT consultant, do what you please.


42 posted on 12/21/2011 6:12:09 PM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: UriĀ’el-2012
"One of the fundamental rules of an operating systems is that it can not be taken down by any application ! Any robust op/sys should be able to shed a rogue application program."

I'll never be a developer but I've done some loading Windows to new boxes and old for many years, my gig is lab admin. I like the way your big old brain works. Nobody outside the compound should be able to walk in and torch the fort. That is not an assident from the intruder, that is a flaw in the OS. I prefer Windows because of my time with it, but I still get POd from time to time. Apple gives me the redass too, every time I use it.

Stay safe FReeper.

43 posted on 12/21/2011 6:23:04 PM PST by West Texas Chuck (Alcohol, Tobacco and Firearms. That should be a convenience store, not a Government Agency.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: BuckeyeTexan
Yeah, that patch is called Linux.

OOOOOh! You so funneee! :P Thanks for the tip....
44 posted on 12/21/2011 7:06:35 PM PST by gimme1ibertee ("Criticism......brings attention to an unhealthy state of things"-Winston Churchill)
[ Post Reply | Private Reply | To 19 | View Replies]

To: RJS1950
Until something comes out, don’t use Safari.

Thanks.I don't intend to use Safari or anything else.
I use Firefox religiously and always have,and I also have Avast! installed.
I keep them both updated.I've never had a problem with these two.(If it ain't broke,don't fix it.)
I just wondered if there was anything else I might need to do to insure my laptop doesn't vapor-lock on me one day because of some security flaw.
45 posted on 12/21/2011 7:11:41 PM PST by gimme1ibertee ("Criticism......brings attention to an unhealthy state of things"-Winston Churchill)
[ Post Reply | Private Reply | To 13 | View Replies]

To: UriĀ’el-2012
Very good points all.

Only thing that bothers me on FreeRepublic computer tech threads is the ignorance of posters about the purpose and proper function of an Operating System. The early CP/M MS-PC/DOS then Win9x and finally the WinNT family of “operating systems” have conditioned many PC users to system crashes. These crashes may have been due to direct hardware access in the early DOS days, to poorly written drivers which operated in kernel space/Ring 0 or poorly validated system calls. Microsoft is trying to clean up the kernel space/user space mess from past Win32 APIs...

As you stated, an application should never be able to crash a properly designed privileged operating system. While Intel does a good job with maintaining the x86 and and forwarding the current and future x64 spec, as long as the Ring transition costs remain as is, Microsoft will always be tempted to let too much code run (or call) Ring 0...

Seems one can never convince the technically ignorant because their computer company allegiances prevail over reason. This Win32 HTML kernel bug being a prime example.


dvwjr

46 posted on 12/21/2011 7:25:27 PM PST by dvwjr
[ Post Reply | Private Reply | To 32 | View Replies]

To: dayglored

You are correct an application should never be able to crash an OS. this has to be taken care of at the OS level ultimately..


47 posted on 12/21/2011 11:03:34 PM PST by ColdSteelTalon (Light is fading to shadow, and casting its shroud over all we have known...)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Electric Graffiti
> Are you saying Apple’s Safari is a malicious piece of software? I agree with you....When you down load an executable, you either give it permission to run on your system or you don’t. The OS cannot protect itself from user inflicted dumbsh!tness ..... you ignorant puffed up smidgeon of blowfish sh!t

First, you are rude beyond tolerance, and out of line with the rules of this site. So here's your chance to apologize for your outrageous and unprovoked ad hominem attack.

Second, your are factually incorrect -- operating systems protect themselves all the time from userland application errors like the one in Safari under discussion here. The fact that you apparently don't know that is astonishing -- your arrogance combined with your inaccuracy makes you sound like a ranting fool. Regardless of how you sound, your statement is utterly false, would you like to retract it?

Third, you being the one who is incorrect, are out of line calling me ignorant. Unlike you, I know what I'm talking about.

So here's your chance to redeem yourself, your big opportunity to take your rude and inaccurate comments back.

BTW, I wasn't actually calling Safari "malicious" per se, although my experience with it on Windows has been terrible. I find it to be unstable and uncooperative at best. I refuse to put it on my Windows computers, and I do not allow it on the Windows computers used by the international software company for whom I am Director of System Administration. Safari for Windows will not cross our doorstep on my watch. Nevertheless, it's not "malicious", strictly speaking; it's just awful -- but that's enough.

Cheers.

48 posted on 12/21/2011 11:42:56 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 17 | View Replies]

To: for-q-clinton
> While this is most likely a Microsoft issue, it is possible that Safari installed itself in such a way to access Ring 0.

While I suppose you could argue that it's theoretically possible that's what happened here, the fact is, it's not what happened here. Microsoft is scrambling to fix their vulnerability, instead of pointing a finger back at Apple, so we know for sure it's a Microsoft issue. Otherwise, MS would have a field day with Apple's application error.

I can't say with authority that Windows Safari stays out of Ring 0 -- it might throw some driver in the kernel, I don't know offhand. But an IFRAME tag causing a large memory request is not a Ring 0 kernel kind of a problem. No application memory allocation request should ever cause a bluescreen. And Microsoft will find it and fix it, they're bright folks.

Nice try, no dice.

49 posted on 12/22/2011 12:00:32 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: UriĀ’el-2012

Very well stated, and agreed, all of it.


50 posted on 12/22/2011 12:08:35 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 32 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-56 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson