14 DAY TRIAL // Microsoft representatives posted a message on their German Chief Security Advisory Blog in which they confirm the vulnerability found a few days ago by WebDevil who showed that by accessing a specially crafted HTML file in Safari someone would be able to crash the operating system.
The researchers claim that the weak point lies in a Windows component and not the browser, but since browsers are mostly responsible for calling the specific function, it’s believed that other browsers such as Internet Explorer versions prior to 9 could be affected.
At the moment, Microsoft is in contact with Apple trying to figure out what exactly causes this behavior.
They didn’t manage to reproduce the flaw in the 32-bit versions of Windows 7 and they state that it’s unlikely for someone to abuse this vulnerability.
“In addition, our colleagues in the US do not believe that the vulnerability is capable of infecting Windows systems with malware,” Michael Kranawetter said. “Microsoft is not aware of any attacks targeting the vulnerability.”
For now, it’s very unlikely that Microsoft will publish a security advisory, but since the investigation still continues the final decisions are yet to be made.
Since the bug was made public three days ago, we can expect that in the next period someone will come forward if the flaw can be utilized to infect a computer with malware. Once such a concept is out there, many security experts and hackers will surely attempt to make the best of it.
While cybercriminals may rush to exploit it to launch their malicious operations, relying on the fact that Microsoft will not do anything about the issue too soon, security providers and independent researchers will try to demonstrate the concept to gain fame. Stay tuned to see exactly how vulnerable you are if you use a Windows 7 64-bit operating system.