Double trouble for Windows Safari users
Windows users might have more of a headache when it comes to the Safari "carpet bombing" bug. Macworld reports that combined with a bug in Internet Explorer, attackers can run malicious applications on a victim's computer (obviously without their consent) using Safari for Windows.
Aviv Raff, according to Macworld, reported the IE bug over a year ago, and warned of its consequences when paired with a carpet-bombing-like scenario. He recommends to stop using Safari for the time being.
Microsoft issued a security advisory in response to the "new public reports of a blended threat" combining the two problems. Microsoft suggests in the advisory that changing the default folder that Safari uses for downloads will protect users from these attacks.
True, it all starts when the user follows a link, so (as always) be careful what you click on.
Share
Windows users might have more of a headache when it comes to the Safari "carpet bombing" bug. Macworld reports that combined with a bug in...
Add a Comment
So there are two security flaws -- one in Windows and one in Safari. Both need to be fixed.
But I am concerned that Apple is not treating this seriously. According to an article in PCWorld, Apple "is not treating the Safari bug as a security issue".
See http://www.pcworld.com/businesscenter/article/146537/safari_flaw_worse_than_first_thought_microsoft_warns.html
This is not too surprising since it looks like Apple took a similar stance with the serious iCal flaw (that Apple knew about since January from a security researcher). After months of apparent broken promises from Apple, the security researcher provided details of the flaw to the world before any patch. I am not sure whether the iCal security flaw has been patched yet by Apple.
Come on Apple. Wake up. Users of Apple hardware and software are concerned about security. Please take security seriously and provide timely patches to security flaws in your products.
P.S. It will be interesting to see whether MS provides a patch to its flaw in Windows before Apple patches Safari (in BOTH Windows and Mac OS X).
When is TUAW going to cover the story about Apple's new patent discussed here: http://geekygadgetry.com/2008/06/solar-powered-iphone-gives-geeks-reason.html
I really want to know their take on it.
Whoops! That's not the link. Here it is: http://www.geekygadgetry.com/2008/06/01/solar-powered-iphone-on-its-way/
June 04 2008 at 3:22 AM Report abuse Permalink rate up rate down ReplyWhy any Windows user would use Safari over Firefox or Opera is beyond me...heck, I'm a Mac user and I use Firefox.
June 02 2008 at 1:22 AM Report abuse Permalink rate up rate down ReplyI'm using it now, as a matter of fact! My compy hasn't blown up yet!
June 01 2008 at 10:52 PM Report abuse Permalink rate up rate down ReplyWell, the reason I think Apple not responding to this leads to one thing:
Introduction of Safari 4 at WWDC....
It is going to be the "one more thing", just like last year's WWDC....
I love Safari on Windows (I'm using it now). I'd never go back to IE or Mozilla....
June 01 2008 at 10:37 PM Report abuse Permalink rate up rate down ReplyWell, it's nice to see Microsoft's and Apple's products working together in harmony, however malicious it may be.
:-)
Apple is waiting to update Safari till June 9, when Safari will allow Windows users to access the wonders of ME.com (for a price) while mac users will get it all for free.
June 01 2008 at 9:46 PM Report abuse Permalink rate up rate down ReplyI say we don't put any warning labels about this kinda stuff...
Those Windows users are getting what's comin' to them!
I kid, I kid...
Wait...so they are blaming Safari because it can become a problem with paired with a bug in IE?! Are we just supposed to excuse IE problems now as if they are allowed?
Am I missing something here?
Hot Apps on TUAW
Deals of the Day
more deals- Refurb Apple MacBook Air Laptops: 12" 64GB SSD for $699 + free shipping
- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- miFrame Picture Frame Dock for iPad for $64 + $8 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
- Hannspree Apple-Shaped 28" 1080p LCD HDTV for $270 + free shipping
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3



13 Comments