Microsoft: Don't Use Safari Web Browser


granduncle
2008-05-31, 12:57 PM
http://www.theregister.co.uk/2008/05/31/microsoft_warns_against_apple_safari/
The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.

Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.

granduncle
2008-06-10, 08:07 PM
Proof of concept...
http://www.theregister.co.uk/2008/06/10/apple_safari_carpet_bombing_demo/
Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code.

...it's interesting to note that Safari is the only major browser that automatically downloads the rogue payload. Gives a whole new meaning to Apple's "It just works" mantra.

spensar
2008-06-10, 10:08 PM
Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.

But, but, isn't Apple perfect in every way in everything?