Back to Mobile View

Skip to Content

TUAW Deals

Safari 'carpet bombing' exploit could be serious

A zero-day vulnerability in Safari that could litter a user's desktop (or downloads folder) with arbitrary files is a serious security flaw, argues ZDNet, and not a mere "annoyance" as Apple claims.

In theory, a user must click a link to visit a malicious website that can begin downloading arbitrary files (including applications) to the user's computer without their permission. The problem affects both the Windows and Mac versions of Safari.

Researcher Nitesh Dhanjani reported the flaw to Apple, which promised to patch it in a future release of Safari. ZDNet and StopBadware.org contend, however, that a patch should be released immediately.

It's old advice, but it bears repeating: be careful of the links you click, and know where they go before you click them.

© 2014 AOL Inc. All Rights Reserved.