Microsoft Warns Against Using Safari for Windows

Microsoft Warns Against Using Safari for Windows

Techtree News Staff, Jun 02, 2008 1940 hrs IST

The flaw was reported on May 15 by security researcher Nitesh Dhanjani, who termed the attack as "carpet bombing".

E-Mail Print

Microsoft has warned Windows users of the dangerous Apple's Safari for Windows flaw reported on May 15 by security researcher Nitesh Dhanjani. As per Dhanjani, the attack termed as "carpet bombing" exposes a security hole that allows downloading of potentially malicious executables on the victim's desktop. These malicious executables run automatically as normal Windows executables.
Thus, it's obvious that Safari can be used to victimize if it runs on Windows-based systems.

Dhanjani wrote on his blog, "Apple does not feel this is an issue they want to tackle at this time." While Apple takes it as "enhancement request", according to Aviv Raff, a security researcher, exploitation of the "carpet bombing" flaw with an IE bug could enable unauthorized access to attackers for running malicious software on the victim's computer.


Raff had reported the bug more than a year ago. The attack executes when a maliciously crafted Web site is visited by a victim on a Safari browser that triggers the "carpet bombing" attack and exploits the IE flaw. Even if the download location in Safari is changed, the Safari/IE flaw would still remain exploitable, according to Raff. Though both vulnerabilities are moderately on individual grounds, together they can create a critical flaw.

Having warned Windows users of the flaw, Microsoft has also addressed the issue. In their security advisory, they recommend that Windows users restrict usage of the Safari browser until such a time the update patch is made available. And that users change the download location to other than the desktop if at all they wish to continue to use Safari. All versions of Windows XP and Vista are affected by this flaw.



Write a comment

       (All fields are mandatory.)

Text Limit = 255 Characters

Type the characters you see in the picture below.

#

Characters are not case sensitive.

USER COMMENTS

thank u for ur advice...... i has been using safari for past 3 weeks.....

by raj, chennai, on Jun 08, 2008 02:19 PM, Report abuse Reply

A work around (thogh interim only) to this vulnerability is available. Configure your Safari browser to store downloads to any folder other than desktop. On your Safari toolbar, go to Edit. Select preferences and change default location (of storing downloads) from Desktop to a folder of your choice.

by yogeshb329, New Delhi, on Jun 03, 2008 02:36 PM, Report abuse Reply

I think the biggest issue in any internet security issue is almost always the user being stupid enough to click on a potentially dangerous site for the sake of a) money, b) tits, or c) someone they know sending them a link via email. The best security measure is usually just to be aware of what the heck you're doing before you just zip around on the internet onto random sites.

by Anonymous, Anon, on Jun 03, 2008 09:31 AM, Report abuse Reply

Funny thing is I don't hear about any Mac OS X maschines being compromised when using Safari? MAybe it's yet another gaping hole in Windoze Vista security that is the real issue. Nothing like drawing attention away from your own joke of an operating system! My OS X Safari system has never been compromised, ever! Can any Windoze user mak ethat claim, NOT!

by Sammyjs, Indpls., on Jun 03, 2008 12:44 AM, Report abuse Reply

Maybe because Windows is less security flawed than OSX? I hate Windows, but Vista is far more secure than Mac and it's joke of an OS. A good Linux/Unix box wins every time in that ring.

by Gzus, Laser Town, on Jun 02, 2008 11:42 PM, Report abuse Reply

How about a warning not to use Windows in general because of all the flaws!

by Bob, Green Harbor, MA., on Jun 02, 2008 11:20 PM, Report abuse Reply

VIEW ALL LATEST

 

SimCity, Sims 3 And Spore Come To The iPhone

News > Gaming , September 06, 2008 0727 hrs IST

Build cities, people and creatures, wherever you are ...

BenQ 21-inch -- HD Capable

News > Hardware , September 06, 2008 0717 hrs IST

BenQ has officially released the "first 21.5-inch full-HD" LCD monitor in India ...

D-day for Apple, Microsoft

News > Consumer Electronics , September 06, 2008 0842 hrs IST

On September 9th, both Apple and Microsoft will show off something old and something new. Who do you think will steal the day? ...

1080p on iPhone 3G? Bring it on!

News > Gadgets , September 06, 2008 0728 hrs IST

Can the iPhone 3G play 1080p HD videos? ...

MIT Scientists To Rescue Us From Flight Delays

News > General , September 06, 2008 0732 hrs IST

Bad weather? Bah! ...

 

USER REVIEWS

MOST POPULAR NEWS

Hide
News

Could A DVR Save Your Marriage?

News | Consumer Electronics | 04 Sep 2008

...Or should you stick to your shrink?
News

Firefox Counters Chrome's Speed Test

News | Internet | 04 Sep 2008

According to Mozilla's SunSpider test, Firefox 3.1 is 28% faster than Chrome on ...
News

Nokia N96 for Rs. 40,000?

News | Telecom | 04 Sep 2008

False alarm everyone... We have learnt from Nokia that the N96 will be priced be...

MOST POPULAR REVIEWS

Hide

MOST POPULAR GAMES

Hide

MOST POPULAR DOWNLOADS

Hide
Downloads

Forbidden.exe

Downloads | Games | 02 Sep 2008

Downloads

md5deep

Downloads | System Tools | 04 Sep 2008

Downloads

RivaTuner

Downloads | System Tools | 03 Sep 2008