Filed under: Internet, Security
Double trouble for Windows Safari users
Windows users might have more of a headache when it comes to the Safari "carpet bombing" bug. Macworld reports that combined with a bug in Internet Explorer, attackers can run malicious applications on a victim's computer (obviously without their consent) using Safari for Windows.
Aviv Raff, according to Macworld, reported the IE bug over a year ago, and warned of its consequences when paired with a carpet-bombing-like scenario. He recommends to stop using Safari for the time being.
Microsoft issued a security advisory in response to the "new public reports of a blended threat" combining the two problems. Microsoft suggests in the advisory that changing the default folder that Safari uses for downloads will protect users from these attacks.
True, it all starts when the user follows a link, so (as always) be careful what you click on.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Seth A said 8:19PM on 6-01-2008
So, where is the link?! Lol. Now this is what I was afraid of, I think Apple was in over their heads when releasing Safari for Windows. I don't even use Safari on Windows. I think the purpose was originally for Web Development purposes. I would imagine the catch ratio of people on Windows using Safari that don't use Safari on a Mac is very very low.
Reply
Rowan said 9:48PM on 6-01-2008
If you're using Safari for windows, just uninstall Internet Explorer to get around this. Oh wait, you can't - scrap that thought.
Reply
tim said 8:57PM on 6-01-2008
Wait...so they are blaming Safari because it can become a problem with paired with a bug in IE?! Are we just supposed to excuse IE problems now as if they are allowed?
Am I missing something here?
Reply
Nick K. said 9:05PM on 6-01-2008
I say we don't put any warning labels about this kinda stuff...
Those Windows users are getting what's comin' to them!
I kid, I kid...
Reply
macerroneous said 9:47PM on 6-01-2008
Apple is waiting to update Safari till June 9, when Safari will allow Windows users to access the wonders of ME.com (for a price) while mac users will get it all for free.
Reply
Jake J. said 10:00PM on 6-01-2008
Well, it's nice to see Microsoft's and Apple's products working together in harmony, however malicious it may be.
:-)
Reply
ericdano said 10:37PM on 6-01-2008
I love Safari on Windows (I'm using it now). I'd never go back to IE or Mozilla....
Reply
alchemistmuffin said 10:52PM on 6-01-2008
Well, the reason I think Apple not responding to this leads to one thing:
Introduction of Safari 4 at WWDC....
It is going to be the "one more thing", just like last year's WWDC....
Reply
Brent said 10:53PM on 6-01-2008
I'm using it now, as a matter of fact! My compy hasn't blown up yet!
Reply
boatofcar said 1:22AM on 6-02-2008
Why any Windows user would use Safari over Firefox or Opera is beyond me...heck, I'm a Mac user and I use Firefox.
Reply
Evan said 3:43AM on 6-02-2008
When is TUAW going to cover the story about Apple's new patent discussed here: http://geekygadgetry.com/2008/06/solar-powered-iphone-gives-geeks-reason.html
I really want to know their take on it.
Reply
Evan said 3:24AM on 6-04-2008
Whoops! That's not the link. Here it is: http://www.geekygadgetry.com/2008/06/01/solar-powered-iphone-on-its-way/
RobK said 10:23AM on 6-02-2008
So there are two security flaws -- one in Windows and one in Safari. Both need to be fixed.
But I am concerned that Apple is not treating this seriously. According to an article in PCWorld, Apple "is not treating the Safari bug as a security issue".
See http://www.pcworld.com/businesscenter/article/146537/safari_flaw_worse_than_first_thought_microsoft_warns.html
This is not too surprising since it looks like Apple took a similar stance with the serious iCal flaw (that Apple knew about since January from a security researcher). After months of apparent broken promises from Apple, the security researcher provided details of the flaw to the world before any patch. I am not sure whether the iCal security flaw has been patched yet by Apple.
Come on Apple. Wake up. Users of Apple hardware and software are concerned about security. Please take security seriously and provide timely patches to security flaws in your products.
P.S. It will be interesting to see whether MS provides a patch to its flaw in Windows before Apple patches Safari (in BOTH Windows and Mac OS X).
Reply