Posts Tagged ‘Safari’

Vulnerability

Browser extension

Antivirus specialist Zoltan Balazs has announced the creation of a special program that looks like a browser extension and performs almost all the functions typical of malware.

In particular, Balazs’s extension supports remote control, modification of viewed web pages, downloading and executing external code, theft of login credentials for various services, bypassing two-factor authentication on websites, and more. In addition, Balazs promises to publish the program’s code in a public GitHub repository as experimental confirmation of his findings about the vulnerabilities of modern browsers.

Balazs works in the Hungarian branch of the well-known consulting firm Deloitte. With his product, he set out to show what risks a browser extension can pose and to draw the antivirus industry’s attention to this problem. Prior to open publication, Balazs shared his code with the major vendors.

Cases of browser extensions being used for criminal activity are already known. For example, in May of this year a Chrome extension was discovered that inserted fake advertising into Wikipedia pages. So far, however, malicious extensions have mainly served for online advertising fraud or for redirecting search requests to a fake website. Balazs’s development shows that such extensions can be used for more serious attacks. (more…)

Apple released 121 patches in version 6 of the Safari browser. 117 of the 121 newly discovered vulnerabilities were found in the browser engine, WebKit. According to experts, most of the vulnerabilities discovered in the browser engine allow cybercriminals to execute arbitrary code and force the application to terminate.

Apple also released a new patch intended to close an XSS vulnerability, and a patch that should solve an access control problem. This vulnerability could allow an attacker to send any file from the victim’s computer to a remote server. A fix was also released for a password autocomplete problem: autocomplete was performed even when a site had disabled that feature. The company also released an update that closes an XSS vulnerability in the browser’s built-in file downloader.