Apple Safari Browser Hit By Zero-day Vulnerability

Apple's Safari web browser has come under scrutiny after the discovery of a critical 'zero-day' bug in the Windows version of the application.

The bug, discovered by Danish IT security company Secunia and the US Computer Emergency Readiness Team (US-CERT), exploits a vulnerability in the way Safari works on Windows operating systems that could lead to remote code execution attacks on computers.

Will Dormann of US-CERT wrote on the organisation's web page: “Exploit code for this vulnerability is publicly available. We have confirmed Apple Safari 4.0.5 on the Windows platform to be vulnerable. Other versions may also be affected.”

Crediting the discovery to security researcher Krystian Kloskowski, Dormann wrote that although a permanent fix for the vulnerability was not currently available, users should be fine if they disabled the JavaScript for the Safari web browser.

US-CERT suggested that users of affected browsers should access the browser using non-administrator accounts to stop the malicious code being given permission to run.

Users were also advised not to follow random links on unconfirmed web pages.