Safari 'carpet Bomb' attack code

A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers. The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victim's machine, and could be used by criminals in […]

A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers. The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victim's machine, and could be used by criminals in Web-based computer attacks, security experts say.

Now that there is a public example of the attack code, Safari users running the Windows operating system should be concerned, said Eric Schultze, chief technical officer at Shavlik Technologies. "This is a bad thing. If you've got Safari, you're in trouble," he said. The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim's desktop with executable files, an attack known as "carpet bombing."

Apple has reportedly said that it has no plans to patch the Safari flaw, but Microsoft released a security advisory on the problem on May 30, a sign that it may be working on a patch.

Source:→ PC World