Zero-day exploit for Safari
Security company Secunia is warning of a critical vulnerability in Apple's Safari browser. The current version (4.0.5) and possibly older versions are affected. If a user visits a website containing the exploit using the Windows version of Safari, the site can compromise the system and either crash the browser or execute malicious code. The problem is caused by an error in the way the browser deals with pop-ups.
The demo exploit provided by Secunia opens the calculator program in Windows XP Service Pack 2. No cases of the vulnerability being exploited in the wild have been reported to date. Users should nevertheless avoid clicking on links to untrusted websites.