Bad Apples

Zero Day Initiative disclosed today the existence of a bug in the Safari browser which could allow an attacker to execute arbitrary code on vulnerable systems, if the user visits a malicious webpage containing malicious Javascript. A fix has been published by Apple at the same time as the advisory was released.

The bug was more than six months old, having been found in November 2008. Proving that Apple customers were not impacted in any way by the bug in the meantime is left as an exercise to the reader.