Microsoft has released a security advisory warning of the effect we have previously reported as “Safari Carpet Bombing.” This is what most people would call a vulnerability in Safari on both Windows and OS X: Safari does not warn users before downloading files. The default download location for Safari on Windows is the Desktop, so a malicious page could fill the desktop with files, potentially malicious ones, and could then use social engineering to trick the user into opening at least one of them.
No program is perfect, but Apple’s response to the vulnerability was disturbing. They don’t consider it a security vulnerability, and are treating user confirmation as just another feature request. Apple has taken a lot of heat over this, including from StopBadWare.org.
