Crashing Apple’s Web Browser with Another Safari Image of Doom

A fatal flaw has been discovered with Apple's web browser, Safari, where a simple image can crash the app. It's another Safari Image of Doom.

April 5, 2006 by jayfrankwilson

I am not a developer. Nor am I a security guru. And quite frankly I don’t know my way around Unix, WebKit or Core Image. But I do know when there is an issue involving the aforementioned areas that needs to be addressed. This… Safari Image of Doom II, or whatever that is, needs to be addressed by Apple. And quickly.

Safari’s Kryptonite = An Image File

The lowdown: apparently Drunkenbatman, of drunkenblog.com fame, has brought to light a flaw in the way apps based on WebKit and WebCore handle certain images. It crashes them. Completely, unapologetically, and without prejudice, it smacks them down like a redheaded stepchild.

Drunkenbatman does a better job than I ever could of expounding on this issue, and on why discoveries like this one hint at an OS that may not be quite as secure as we all like to believe. So rather than provide my own explanation of what this is all about, I will paraphrase his post.

  • The image below crashes anything WebKit-based in a very hardcore way. Actually, it crashes anything using ImageIO. That includes the Finder and Preview and apps based on WebKit and WebCore like NetNewsWire.
  • It’s remarkably similar to the Safari Image of Doom™ from a while ago, although this time ImageIO seems to be choking during an EXIF routine, so I won’t rehash what I said there. However, a few thoughts…
  • This particular image (and ones like it) are already floating around on the web. It wasn’t “created” to show off a flaw.
  • While it’s hard not to notice that an image is once again taking out Safari, it should be considered a security issue.
  • Individual applications have all basically rolled their own support instead of using what Apple provides. You are able to open the image with Photoshop, and GraphicConverter, and of course things like Camino and Firefox will view this page just fine. If a developer can’t trust Apple’s included solution to be robust, there’s little point in throwing it in aside from bullet points.
  • Don’t underestimate the above, nor how widespread the problem is throughout Mac OS X. As an example, I have yet to encounter a developer needing to use SOAP services in a serious way on OS X that hasn’t given up on what Apple’s provided to the point where they just write their own stack.
  • I haven’t met anyone at Apple that’s nervous of dropping OS X as it currently stands. So I’m always amused at what shows up around the web. And less amused by the pundits feeding it to them.
  • I asked around and was told this issue has been reported as bug #4485821 in Apple’s system. No clue as to the status/resolution.

Drunkenbatman’s post has already elicited a wide range of responses from his readers, many of whom are just upset that he saw fit to include the aforementioned “Image of Death” directly in his post. I’m among the afflicted. My NetNewsWire promptly crapped the bed as soon as I clicked the link to the post.

From Drunkenbatman:

“I’m aware many people who have the site in their feeds will be trying to access it via something based on WebKit/WebCore. Safari may have crashed, and you lost all your open tabs. You may have had your RSS reader up, and opened up some links in tabs, and down it all went. Read whatever you will into the fact that while these things did occur to me, I’m attaching it inline instead of linking to it separately anyways.”





I will not include the image in question in this post. But if you just have to see the bug in action, click (let me be clear: Safari WILL crash if you click the following links; there, consider yourselves warned) here or here.

Should We Worry About Another Safari Image of Doom?

I’m not worried, despite the unsettling ease with which a graphic can bring to their knees some of the very core applications in Mac OS X that are impacted by this bug, namely the Finder, Preview, and Safari. It may be naive of me, but I am still unconcerned about the overall implications of such a flaw.

Don’t get me wrong, I understand just how significant a discovery this is, and how coding bugs such as this one can result in security breaches. But I am not worried. Maybe it is because I have become one of those unreasonably smug Apple users. I hear about people like me on pro-Microsoft websites (no seriously, there are some). Perhaps it is because I rubbed the bald head of my pure ivory Steve Jobs statue three times this morning for good luck. I really can’t say.

What I do know is that Apple has assigned this vulnerability a bug number. That number is 4485821, which means the people who need to know about it, do. We’re in good hands. In fact, I have no doubt that Steve Jobs deprived some engineer of well-deserved quality time with the family to address this issue. And hopefully as quickly as possible!

Maybe when I wake up in the morning I will feel differently about how secure OS X is. Maybe. But honestly, I don’t see that happening.

Via StationA.net
