Apple’s arrogant air when it comes to security has yet again come back to
bite it. This time Danish security research firm Secunia discovered yet another
vulnerability in the web browser Safari, which they billed as "highly critical"
— their most serious rating.
Secondary confirmation of the bug came from the United States Computer
Emergency Readiness Team (US-CERT) (part of the U.S. Department of Homeland
Security), which issued an advisory after Polish researcher Krystian Kloskowski
disclosed the bug on Friday.
The bug exploits Apple’s poor implementation of code that handle’s the
browser’s parent windows. According to Secunia, "This can be exploited to
execute arbitrary code when a user visits a specially-crafted Web page and
closes opened pop-up windows."