Archives for the ‘safari’ Category

Minor Safari cross domain bug

I found this while writing Astalanumerator. Safari allows you to overwrite top and parent with native code and maybe other stuff (I haven’t tried). This allows you to define something on domain A and call it on domain B using the top and parent. I’d email Apple about it but the last time I reported […]

Safari security

Well what do you do when you report a bug to Apple and they deny it is even a problem? Turn it into a remote one. What do you do when they don’t provide you with any credit whatsoever? Give up? Stop testing Safari? Or drink lots of coffee and red bull, stay up all […]

Safari vulnerability look before you leap

I’m sick and tired with people commentating on my work without either knowing the details or having enough technical expertise to perform a simple test and read the URL bar. Here’s an example, now I’ve tried to promote my work by submitting to the many media sources and highlight Apple’s poor security attitude but it […]

iPhone Safari zero day

A friend of mine has just got himself a new iPhone and I asked him to test my Safari Zero day and what do you know, it works! LOL, it is now possible for any web site to read the contents of another web site when browsing the Internet with the iPhone. My original announcement:- […]

How I found the Safari exploit

Introduction I hope you found my posts on the Safari security holes interesting, in this post I’m going to try and explain how I think and how I managed to work out an exploit for Safari. This post will be unusual for me because generally I try to keep my writing short and sweet, but […]

Safari beta zero day

Apple annoy me or rather their security attitude annoys me. I told them about a vulnerability months ago, I persisted and told them again. I got a generic reply from them saying:- ——————————– Hello, Thank you for filing this issue via Apple’s bug reporting system. Apple takes every report of a potential security problem very […]

Safari leaks Google queries

I’ve found yet another hole in Safari, this one leaks search queries or anything in the query string. It works by setting the JavaScript property “host” and redirects an open window to a page which will display the search query. Proof of concept Tested on Safari 2.0.4 on Mac and Safari 3.02 beta on Windows.

Safari same origin hole

Background Whilst investigating same origin JavaScript policy with Ronald from, I found another vulnerability in Safari 3.02 beta on Windows, it could also work on OS X but I haven’t tested it. Normally I would have reported this to Apple before releasing the details however the last time I found a problem with Safari […]