Safari Vulnerable! Apple to Issue Fix for One of Three Faults

Safari Carpet Bomb makes it possible for rogue websites to litter the user's Desktop/Downloads directory

By Filip Truta, Apple News Editor

16th of May 2008, 08:58 GMT

A recent report claims that Apple's security team has "dismissed" research saying its standard web browser still has faults that may allow hackers to mess up your Mac, or PC. That's right, PC, because Apple's Safari is available on Windows too, and folks "updating" their software a while ago could find themselves downloading malicious content without being asked for permission by Safari. A total of three faults have been acknowledged by researchers, but Apple will be fixing only one.

"Malware downloaded to the user's desktop without the user's consent" is the primary issue researcher Nitesh Dhanjani has encountered with Apple's standard web browser on Mac OS X Leopard. According to the research, it is actually quite simple to use the browser to deploy malware on one's machine.

Image caption: Malware downloaded to the user's desktop without his/her consent

According to the researcher, Safari doesn't bother to ask users for permission when downloading content from websites. When Safari does not know how to render the content type served at a certain address, it automatically starts downloading the "carpet bomb" every time it is served. Dhanjani says this is what will happen if you are using Safari in Windows (see the image above).

According to The Register, "when informed of this 'carpet bombing' vulnerability (as researcher Billy (BK) Rios has dubbed it), Apple agreed that it might be good if Safari actually checked with the user before downloading potentially vicious files, but signaled that kind of addition wasn't much of a priority."

An insider from Apple's security team told Dhanjani the following: "Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. We want to set your expectations that this could take quite a while, if it ever gets incorporated."

Apple let Dhanjani know that they would fix one of the issues he reported, but asked him not to discuss the vulnerability until they roll out the fix, due to the risky nature of the bug affecting Safari on both OS X and Windows.

Secunia rates the vulnerability as "less critical."

© Copyright 2001-2009 Softpedia
User opinions:


Comment #1 by: k661940 on 17 May 2008, 16:43 GMT

Yeh, Safari has been crashing on a regular basis. I bought a Mac to get away from Microsoft/Windows crap. Seems 21st tech still can't do what the ads promise.
