ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/reg/register.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    Microsoft warns users off Safari

'Carpet-bombing' interoperability flaw leaves Windows users open to malicious attacks when using Apple's Safari browser, the Windows maker claims.

By Miya Knights, 3 Jun 2008 at 10:37

Microsoft has taken the rare step of warning users of its operating system (OS) off rival vendor, Apple's Safari browser due to a flaw in interoperability that could leave them open to malicious attacks.

The Safari bug, originally brought to light in mid-May by security researcher Nitesh Dhanjani plays on the fact Safari can automatically download certain files without a user's permission.

If a Windows OS user visits a hacked website using Safari, a vulnerability in how XP and Vista handle executable files on the desktop can be exploited to litter the victim's desktop with executable files containing malicious code.

In a rare step, Microsoft issued a security advisory last Friday that also confirmed the Safari flaw is dependent on the Windows OS vulnerability regarding executable files on the desktop.

And Aviv Raff, another researcher has also claimed a second Windows flaw could actually allow a hacker to run unauthorised software on a victim's computer.

Although Apple did not respond to an IT PRO request for comment, it has been widely reported that it may not see the flaw as seriously as Microsoft does. Dhanjani said that, when he alerted Apple to the flaw, the Mac vendor responded that it did not see the bug as a security issue. "Apple does not feel this is an issue they want to tackle at this time," he wrote in his blog.

He reproduced Apple's response, which read: "Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated."

Apple's seemingly nonchalant reaction has attracted criticism from the security community, where consumer IT security advocacy group Stopbadaware.org has said Apple should "reconsider its stance".

This latest issue comes six weeks after the discovery of a denial of service (DoS) vulnerability in the iPhone version of the Safari browser.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Be the first to comment on this article

You need to Login or Register to comment.

advertisement

    Latest Internet Reviews

Mozilla Firefox 3.5 review

Rating: 5

Firefox has had its status as the number one IE alternative under threat for a while. Can it reclaim its position with the latest update?

Read more

 
advertisement

    Latest News Videos in Internet

Video: How to set up a Smoothwall firewall

Play Video: How to set up a Smoothwall firewall   Play

We take you through how to setup your own low-cost firewall system using nothing more than a low spec PC and free software.

 

    Whitepapers

Want more background on today's hottest IT trends?

Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.

    Register for IT PRO

You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Advertisement