Safari ‘carpet bombing’ attack code in the wild

June 11, 2008

The Safari “carpet bombing” blended-threat vulnerability discovered in May could be more dangerous for Windows users now that exploit code is available online.

Mac users are not affected by the threat.

The exploit takes advantage of the fact that the Desktop is Safari’s default download location. Pair that with a flaw in Internet Explorer that allows files of a specific name to be automatically run, and you have a situation where Safari downloads a file and IE runs it.

InfoWorld notes that the source code and demo were posted on Sunday. Apple, so far, has not commented on the InfoWorld story, and has no plans to alter Safari. Since downloading to the Desktop is Safari’s only involvement in the threat, there doesn’t seem to be any problem to fix.

Microsoft’s problem, on the other hand, has to do with automatically running files that just happen to be named something IE cares about, which Microsoft has known about since 2006. Microsoft has not commented on the story either, but its suggestion is still to avoid using Safari for Windows.

[Source] Robert Palmer
