Locked machine up for 3 minutes, then Safari crashed and the machine recovered. OSX 10.4.5 PPC Safari 2.0.3 On 4/25/06, Tom Ferris <tommy@xxxxxxxxxxxxxxxxxxxxxx> wrote: > Just tested on the following: > > OS X 10.4.6 PPC with Safari 2.0.3 (417.9.2) > > Completely locked up my machine.. ;) > > Tom Ferris > Researcher > www.security-protocols.com > Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78 > > On Mon, 24 Apr 2006, Colin Keigher wrote: > > > It seems to affect older versions also. > > > > Tested on: > > iBook G4 with Mac OS X 10.3.9 (Build 7W98) + all updates from Apple > > > > Version affected: > > Safari 1.3.1 (312.3.1) under 10.3.9 > > > > Colin Keigher > > colinkeigherREMOVEFORAFREEPRIZEtelus.net > > > > On 24-Apr-06, at 11:00 AM, " " <security@xxxxxxxxxxx> <security@xxxxxxxxxxx> > > wrote: > > > >> > >> > >> Apple Mac OS X Safari 2.0.3 Vulnerability > >> ========================================= > >> > >> Release Date: > >> April 23th, 2006 > >> > >> Vendor: > >> Apple Computer Inc. > >> > >> Tested on: > >> iBook G4 1.2 GHz with Mac OS X 10.4.5 (Build 8H14) + all Updates from Apple > >> except "10.4.6 Update" > >> iBook G4 1.33 GHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from > >> Apple > >> PowerMac G4 Dual 867 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates > >> from Apple > >> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from Apple > >> > >> Versions affected: > >> Safari 2.0.3 (417.9.2) latest version under 10.4.5 (Build 8H14) and perhaps > >> prior versions > >> Safari 2.0.3 (417.9.2) latest version under 10.4.6 (Build 8I127) and > >> perhaps prior versions > >> > >> Overview: > >> A vulnerabilitiy exists in Safari 2.0.3 (417.9.2) and perhaps in prior > >> versions which causes the operating system to slow down SRCOD (Spinning > >> Rainbow Cursor Of Death), and therefore, it's not possible to launch any > >> applications like Terminal to kill the process. After several minutes > >> Safari crashes. > >> > >> Technical Details: > >> Create a new File with following code ... > >> > >> <HTML> > >> <TABLE> > >> <TR><TD ROWSPAN=2000000000> > >> > >> .. then save it as a .html file (example.html) now open it in Safari. The > >> application takes a lot of CPU and RAM slowing down the operating system > >> SRCOD (Spinning Rainbow Cursor Of Death), and it is no longer possible to > >> use OSX even "apple" + "ALT" + "ESC" is working very slow! > >> Go around and pull the power cable out or press the startbutton for a while > >> to shut down the computer. > >> > >> For an expample klick at the link with Safari (WARNING: That crashes Safari > >> after several minutes an first the SRCOD (Spinning Rainbow Cursor Of Death) > >> is there for all the time!) > >> http://www.yanux.ch/exploits/safari/example.html > >> > >> Report: > >> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from Apple > >> http://www.yanux.ch/exploits/safari/bugreport_imac_g4.txt > >> > >> Vendor Status: > >> Apple has notified of this issues on 04/23/2006 > >> > >> Solution: > >> Currently no patches have been released for this vulnerability. > >> > >> Discovered by: > >> Yannick von Arx > >> yannick[dot]vonarx[at]yanux[dot]ch > >> > >> ____________________________ > >> > >> e-mail:yannick.vonarx@xxxxxxxx > >> web: www.yanux.ch > >> > >> > >> > >> ------ > >> freemails.ch - Free Swiss E-Mails > >> > >> Webhosting nach Mass bereits ab CHF 5.50: www.hostplace.ch > >> > >> > > >
