Double trouble for Windows Safari users

by Robert Palmer (RSS feed) on Jun 1st 2008 at 8:00PM

Windows users might have more of a headache when it comes to the Safari "carpet bombing" bug. Macworld reports that combined with a bug in Internet Explorer, attackers can run malicious applications on a victim's computer (obviously without their consent) using Safari for Windows.

Aviv Raff, according to Macworld, reported the IE bug over a year ago, and warned of its consequences when paired with a carpet-bombing-like scenario. He recommends to stop using Safari for the time being.

Microsoft issued a security advisory in response to the "new public reports of a blended threat" combining the two problems. Microsoft suggests in the advisory that changing the default folder that Safari uses for downloads will protect users from these attacks.

True, it all starts when the user follows a link, so (as always) be careful what you click on.

Tags: carpet bomb, CarpetBomb, safari, security

Mac Support Technician

Kerdan - Cambridge, MA (2 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Seth A said 8:19PM on 6-01-2008

So, where is the link?! Lol. Now this is what I was afraid of, I think Apple was in over their heads when releasing Safari for Windows. I don't even use Safari on Windows. I think the purpose was originally for Web Development purposes. I would imagine the catch ratio of people on Windows using Safari that don't use Safari on a Mac is very very low.

↓↑report

Rowan said 9:48PM on 6-01-2008

If you're using Safari for windows, just uninstall Internet Explorer to get around this. Oh wait, you can't - scrap that thought.

↓↑report

tim said 8:57PM on 6-01-2008

Wait...so they are blaming Safari because it can become a problem with paired with a bug in IE?! Are we just supposed to excuse IE problems now as if they are allowed?

Am I missing something here?

↓↑report

Nick K. said 9:05PM on 6-01-2008

I say we don't put any warning labels about this kinda stuff...
Those Windows users are getting what's comin' to them!
I kid, I kid...

↓↑report

macerroneous said 9:47PM on 6-01-2008

Apple is waiting to update Safari till June 9, when Safari will allow Windows users to access the wonders of ME.com (for a price) while mac users will get it all for free.

↓↑report

Jake J. said 10:00PM on 6-01-2008

Well, it's nice to see Microsoft's and Apple's products working together in harmony, however malicious it may be.

:-)

↓↑report

ericdano said 10:37PM on 6-01-2008

I love Safari on Windows (I'm using it now). I'd never go back to IE or Mozilla....

↓↑report

alchemistmuffin said 10:52PM on 6-01-2008

Well, the reason I think Apple not responding to this leads to one thing:

Introduction of Safari 4 at WWDC....

It is going to be the "one more thing", just like last year's WWDC....

↓↑report

Brent said 10:53PM on 6-01-2008

I'm using it now, as a matter of fact! My compy hasn't blown up yet!

↓↑report

boatofcar said 1:22AM on 6-02-2008

Why any Windows user would use Safari over Firefox or Opera is beyond me...heck, I'm a Mac user and I use Firefox.

↓↑report

Evan said 3:43AM on 6-02-2008

When is TUAW going to cover the story about Apple's new patent discussed here: http://geekygadgetry.com/2008/06/solar-powered-iphone-gives-geeks-reason.html

I really want to know their take on it.

↓↑report

Evan said 3:24AM on 6-04-2008

Whoops! That's not the link. Here it is: http://www.geekygadgetry.com/2008/06/01/solar-powered-iphone-on-its-way/

↓↑report

RobK said 10:23AM on 6-02-2008

So there are two security flaws -- one in Windows and one in Safari. Both need to be fixed.

But I am concerned that Apple is not treating this seriously. According to an article in PCWorld, Apple "is not treating the Safari bug as a security issue".

See http://www.pcworld.com/businesscenter/article/146537/safari_flaw_worse_than_first_thought_microsoft_warns.html

This is not too surprising since it looks like Apple took a similar stance with the serious iCal flaw (that Apple knew about since January from a security researcher). After months of apparent broken promises from Apple, the security researcher provided details of the flaw to the world before any patch. I am not sure whether the iCal security flaw has been patched yet by Apple.

Come on Apple. Wake up. Users of Apple hardware and software are concerned about security. Please take security seriously and provide timely patches to security flaws in your products.

P.S. It will be interesting to see whether MS provides a patch to its flaw in Windows before Apple patches Safari (in BOTH Windows and Mac OS X).

↓↑report

Tip of the Day

Want to drag a file to another folder and copy it instead of moving it? Press the Option key when you drag that file and it'll be duplicated rather than moved entirely.

Learn More

TUAW flickr Pool

www.flickr.com

Latest Jobs from TUAW Jobs

Post a Job

Featured Galleries

More Apple Analysis

AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad