A hacker known as w3bd3vil posted a message on Twitter a couple of days ago claiming that he found a vulnerability in the 64-bit version of Windows 7 that could be taken advantage of using Apple’s popular web browser Safari.
“<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!” said the hacker in a tweet.
In a later tweet he provides further explanations, stating that the NtGdiDrawStream which is called multiple times is causing a “not so interesting crash.”
Researchers from Secunia confirm the accuracy of the hacker’s findings, reporting that the flaw can be utilized by a hacker to take over a machine.
“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large 'height' attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges,” reads Secunia’s report.
- Your 32-bit Google Chrome installation on Windows will migrate to 64-bit automatically
- Cobalt Strike 3.2 – The Inevitable x64 Beacon
- Emsisoft Anti-Malware 11 ships with native 64-bit build
- Havex RAT Authors Self-Sign Malware to Appear from IBM, 64-Bit Version Spotted
- KIVARS With Venom: Targeted Attacks Upgrade with 64-bit “Support”
- 64bit OSX hacking with Metasploit