Microsoft: Don't Use Safari Web Browser [Archive] - Canadian TV, Computing and Home Theatre Forums


Canadian TV, Computing and Home Theatre Forums > Consumer Electronics and Home Computing > Home Computing > Windows Computing > Microsoft: Don't Use Safari Web Browser PDA : Microsoft: Don't Use Safari Web Browser granduncle 2008-05-31, 11:57 AM http://www.theregister.co.uk/2008/05/31/microsoft_warns_against_apple_safari/ The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times. Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat. granduncle 2008-06-10, 07:07 PM Proof of concept... http://www.theregister.co.uk/2008/06/10/apple_safari_carpet_bombing_demo/ Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code. ...it's interesting to note that Safari is the only major browser that automatically downloads the rogue payload. Gives a whole new meaning to Apple's "It just works" mantra. spensar 2008-06-10, 09:08 PM Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat. But, but, isn't Apple perfect in every way in everything?