Canadian TV, Computing and Home Theatre Forums banner

Microsoft: Don't Use Safari Web Browser

2K views 2 replies 2 participants last post by  spensar 
#1 ·
http://www.theregister.co.uk/2008/05/31/microsoft_warns_against_apple_safari/
The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.

Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.
 
#2 ·
Proof of concept...
http://www.theregister.co.uk/2008/06/10/apple_safari_carpet_bombing_demo/
Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code.

...it's interesting to note that Safari is the only major browser that automatically downloads the rogue payload. Gives a whole new meaning to Apple's "It just works" mantra.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top