Mac OS X KHTMLParser Denial of Service Weakness

Tom Ferris has discovered a weakness in Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service).  The weakness is caused due to an error in the KHTMLParser when parsing certain malformed HTML documents. This can be exploited to crash an application that uses the parser via a specially crafted HTML file. In certain cases, this may cause the system to become unresponsive.  The weakness has been confirmed to affect TextEdit and Safari in Mac OS X with Security Update 2005-009. Other applications that use the parser may also be affected.

Solution:  Do not open or follow links to HTML files from non-trusted sources

Leave a Reply