In association with heise online

08 January 2007, 16:23

Omniweb Mac browser executes malicious code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The seventh bug in the Month of Apple Bugs affects the alternative Mac OS X browser Omniweb. Malicious code can be injected and executed with the user's privileges, through a format string vulnerability in the JavaScript function alert. However, although a test by heise Security editorial staff of the provided POC (Proof Of Concept) code on version 5.5.1 of Omniweb, did cause the predicted crash, it left the current version 5.5.2 of the browser unaffected, other than merely presenting a string in a pop-up window. Shell code to infiltrate programs is not included in the POC.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit