The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.
Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.
Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code.
...it's interesting to note that Safari is the only major browser that automatically downloads the rogue payload. Gives a whole new meaning to Apple's "It just works" mantra.
But, but, isn't Apple perfect in every way in everything?
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Related Threads
?
?
?
?
?
Canadian TV, Computing and Home Theatre Forums
1.7M posts
114.9K members
Since 2001
A forum community dedicated to Canadian TV, computing and home theatre owners and enthusiasts. Come join the discussion about home audio/video, displays, troubleshooting, styles, projects, DIY’s, product reviews, accessories, classifieds, and more!