• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
  • About
  • Contact
  • Subscribe
  • Advertise
methodshop

methodshop

tech news, reviews & how to's

  • Trending
  • Latest
  • Tech
    • Apps
    • Internet
    • Software
    • Security
    • Games
    • Advertising
  • Life
    • Entertainment
    • TV & Film
    • Music
    • Health & Science
    • Family
    • Social Media
    • Food
    • Style
  • Learn
    • Tutorials
    • Reviews
    • News
      • Business
      • Crime
      • Politics
  • Fun
    • Featured
    • Humor
    • Holiday

Home : Software : Crashing Apple’s Web Browser with Another Safari Image of Doom

Apple Cyber Security

Crashing Apple’s Web Browser with Another Safari Image of Doom

A fatal flaw has been discovered with Apple's web browser, Safari, where a simple image can crash the app. It's another Safari Image of Doom.

April 5, 2006 by jayfrankwilson
FacebookTweetPinLinkedIn

A fatal flaw has been discovered with Apple’s web browser, Safari, where a simple image can crash the app. It’s another the Safari Image of Doom.

I am not a developer. Nor am I a security guru. And quite frankly I don’t know my way around Unix, WebKit or Core Image. But I do know when there is an issue involving the aforementioned areas that needs to be addressed. This….. Safari Image of Doom II, or whatever that is, needs to be addressed by Apple. And quickly.

Safari’s Kryptonite = An Image File

The lowdown; apparently Drunkenbatman, of drunkenblog.com fame, has brought to light a flaw in the way apps based on WebKit and WebCore handle certain images. It crashes them. Completely, unapologetically, and without prejudice, smacks them down like a redheaded stepchild.

Drunkenbatman does a better job than I ever could of expounding on this issue. And why discoveries like this one hint at an OS that may not be quite as secure as we all like to believe. So rather than provide my own explanation of what this is all about, I will paraphrase his post.

  • the image below crashes anything webkit-based in a very hardcore way. Actually, it crashes anything using ImageIO. That includes the Finder and Preview and apps based on Webkit and WebCore like NetNewsWire.
  • It’s remarkably similar to the Safari Image of Doom™ from a while ago, although this time ImageIO seems to be choking during an EXIF routine, so I won’t rehash what I said there. However, a few thoughts…
  • This particular image (and ones like it) are already floating around on the web. It wasn’t “created” to show off a flaw.
  • While it’s hard not to notice that an image is once again taking out Safari. It should be considered a security issue.
  • Individual applications have all basically rolled their own support instead of using what Apple provides. You are able to open the image with Photoshop, and Graphic Convertor, and of course things like Camino and Firefox will view this page just fine. If a developer can’t trust Apple’s included solution to be robust, there’s little point in throwing it in aside from bullet points.
  • Don’t underestimate the above, nor how widespread the problem is throughout Mac OS X. As an example, I have yet to encounter a developer needing to use SOAP services in a serious way on OS X that hasn’t given up on what Apple’s provided to the point where they just write their own stack.
  • I haven’t met anyone at Apple that’s nervous of dropping OS X as it currently stands. So I’m always amused at what shows up around the web. And less amused by the pundits feeding it to them.
  • I asked around and was told this issue has been reported as bug #4485821 in Apple’s system. No clue as to the status/resolution.

DrunkenBatman’s post has already elicited a wide range of responses from his readers. Many of which are just upset that he saw fit to include the aforementioned “Image of Death” directly in his post. I’m among the afflicted. My NetNewsWire promptly crapped the bed as soon as I clicked the link to the post.

From drunkenbatman;

“I’m aware many people who have the site in their feeds will be trying to access it via something based on WebKit/WebCore. Safari may have crashed, and you lost all your open tabs. You may have had your RSS reader up, and opened up some links in tabs, and down it all went. Read whatever you will into the fact that while these things did occur to me, I’m attaching it inline instead of linking to it separately anyways.”

I will not include the image in question in this post. But if you just have to see the bug in action click (Let me be clear; Safari WILL crash if you click the following links, there, consider yourselves warned) here or here.

Should We Worry About Another Safari Image of Doom?

I’m not worried. Despite the unsettling ease with which a graphic can bring to its knees. And some of the very core applications in Mac OS X, namely the Finder, Preview, and Safari that are impacted by this bug. It may be naive of me, but I am still unconcerned about the overall implications of such a flaw.

Don’t get me wrong, I understand just how significant a discovery this is. And how coding bugs such as this one can result in security breaches. But I am not worried. Maybe it is because I have become one of those unreasonably smug Apple users. I hear about people like me on pro-Microsoft websites (no seriously, there are some). Perhaps it is because I rubbed the bald head of my pure ivory Steve Jobs statue three times this morning for good luck. I really can’t say.

What I do know is that Apple has assigned this vulnerability a bug number. That # is 4485821. Which means the people who need to know about it, do. We’re in good hands. In fact, I have no doubt that his Steve Jobs deprived some engineer well deserved quality time with the family to address this issue. And hopefully as quickly as possible!

Maybe when I wake up in the morning I will feel differently about how secure OS X is. Maybe. But honestly, I don’t see that happening.

Via StationA.net


FacebookTweetPinLinkedIn
Category: Software, Apps, Internet Tag: Apple, Batman, Camino, Core Image, Firefox, Fox Business Channel, Graphic Convertor, ImageIO, Mac OS X, News Industry, Safari, Security, Steve Jobs, Unix, web browsers, WebCore, WebKit
Previous Post:Evolution of the Mac OS
Next Post:01-02-03-04-05-06 Day Is On April 5thNumbers

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Sidebar

Popular Posts

  • Job Automation Using ChatGPT Could Make These Jobs Obsolete - Is Your Job On This List?Job Automation Using ChatGPT Could Make These Jobs Obsolete – Is Your Job On…
  • The Surprising Story Behind The NBC ChimesThe Surprising Story Behind The NBC Chimes
  • 7 Pictures Of Naked People Captured By Google's Cameras7 Pictures Of Naked People Captured By Google’s Cameras
  • Top 200 Nielsen DMA Rankings (2023) – Full ListTop 200 Nielsen DMA Rankings (2023) – Full List
  • 5 Funny Resurrection Jokes To Share On Easter Sunday5 Funny Resurrection Jokes To Share On Easter Sunday
  • How To Change The Default LG TV Home Screen To Live TVHow To Change The Default LG TV Home Screen To Live TV
  • Is Your Hatch Restore Already Registered? Here's How To Fix It And Unregister A Hatch Restore.Is Your Hatch Restore Already Registered? Here’s How To Fix It And…
  • 20 Famous People Who Are Members Of The Sleepless Elite20 Famous People Who Are Members Of The Sleepless Elite
  • The Best Caddyshack Quotes: 30 Famous Caddyshack Quotes That'll Make You LaughThe Best Caddyshack Quotes: 30 Famous Caddyshack Quotes That’ll Make You Laugh
  • 10 Naked Sunbathers Busted By Google Earth10 Naked Sunbathers Busted By Google Earth

Categories

Clever Tech Gifts

10 Clever Tech Gifts That People Actually Want

Here are some clever tech gifts that your friends and family will love.

Everything Everywhere All At Once Quotes

The 40 Best Everything Everywhere All At Once Quotes

Ready to be inspired and challenged? Check out these amazing Everything Everywhere All At Once quotes that will help you see the world in a whole new light!

Recent Posts

  • The 40 Best Everything Everywhere All At Once Quotes
  • How To Manually Identify AI-Generated Text Without Using A ChatGPT Detector
  • 10 Clever Tech Gifts That People Actually Want
  • 10 Fun Things To Ask Alexa On St. Patrick’s Day
  • 30 Dirty Irish Pick Up Lines That Will Probably Get You Slapped

Jump to comments

About

MethodShop’s mission is to entertain, inform, and sometimes gross you out. MethodShop has affiliate relationships, so we may get a small share of the revenue from your purchases. Items are sold by the retailer, not by us. All prices are subject to change.

Latest

Everything Everywhere All At Once Quotes

The 40 Best Everything Everywhere All At Once Quotes

How To Visually Identify AI-Generated Text

How To Manually Identify AI-Generated Text Without Using A ChatGPT Detector

Follow

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • Pinterest
MethodShop Animated Zoom Icon
  • About
  • Submit
  • Disclaimer
  • Privacy Policy
  • Contact
  • Subscribe
  • Store

Copyright © 2023 MethodShop · All Rights Reserved