OS X hit by another browser flaw

A few lines of code in a web page can force users of Apple's Safari browser to reboot their iMac

Apple took another knock on Monday [24 April] when a security researcher released news of a denial-of-service vulnerability in Apple's Safari web browser, which is a standard part of its OS X operating system.

The problem is triggered by opening a simple web page consisting of only three lines of HTML. The flaw was reported to the Full-Disclosure mailing list by Yannick von Arx, who said clicking on such a link "causes the operating system to [display the] Spinning Rainbow Cursor Of Death (SRCOD)".

The SRCOD is the OS X icon used to show that the operating system is busy. It is extremely difficult to regain control of the system while it is visible.

In his email to full-disclosure, Von Arx suggests the easiest ways to regain control are to unplug the computer or wait several minutes until Safari crashes.

It seems that this vulnerability could not be used to gain sensitive information or to take control of a victim’s PC, but it could easily be used to disrupt people using the OS X operating system. Von Arx said he reported the problem to Apple on 23 April, and that no patches have yet been released to fix it. Users could install an alternative browser, such as Firefox, to work around the problem.