Microsoft warns users off Safari
By Miya Knights,
Microsoft has taken the rare step of warning users of its operating system (OS) off rival vendor, Apple's Safari browser due to a flaw in interoperability that could leave them open to malicious attacks.
The Safari bug, originally brought to light in mid-May by security researcher Nitesh Dhanjani plays on the fact Safari can automatically download certain files without a user's permission.
If a Windows OS user visits a hacked website using Safari, a vulnerability in how XP and Vista handle executable files on the desktop can be exploited to litter the victim's desktop with executable files containing malicious code.
In a rare step, Microsoft issued a security advisory last Friday that also confirmed the Safari flaw is dependent on the Windows OS vulnerability regarding executable files on the desktop.
And Aviv Raff, another researcher has also claimed a second Windows flaw could actually allow a hacker to run unauthorised software on a victim's computer.
Although Apple did not respond to an IT PRO request for comment, it has been widely reported that it may not see the flaw as seriously as Microsoft does. Dhanjani said that, when he alerted Apple to the flaw, the Mac vendor responded that it did not see the bug as a security issue. "Apple does not feel this is an issue they want to tackle at this time," he wrote in his blog.
He reproduced Apple's response, which read: "Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated."
Apple's seemingly nonchalant reaction has attracted criticism from the security community, where consumer IT security advocacy group Stopbadaware.org has said Apple should "reconsider its stance".
This latest issue comes six weeks after the discovery of a denial of service (DoS) vulnerability in the iPhone version of the Safari browser.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Networking Analysis & Insight
Bring you own device: the $600 question
Inside the enterprise: A recent Cisco report claims bring your own device is gaining support from IT departments. But how much are staff willing to invest in personal technology?
- Interop 2012: Q&A, Saar Gillai, CTO, HP Networking
- Is BT the key to broadband Britain?
- Tencent: the biggest web company you’ve never heard of
- The truth about spam
- Have ISPs finally lost the DEA fight?
- Are you ready to launch IPv6 securely?
- Broadband, pricing and small businesses
- Welcome to the stay-at-home Olympics
- Q&A: Cisco on servers, storage and strategy
Latest Networking Reviews
HP t410 All-in-One Thin Client review: First look
- Swyx SwyxExpress X20 review
- Ipswitch WhatsUp Gold Premium 15
- ForeScout Technologies CounterACT 6.3.4
- ThinPrint Printer Dashboard review: First Look
- TITUS Aware for Microsoft Outlook review
- Windows Phone 7 Mango review: First Look
- Dartware InterMapper review
- Kemp Technologies LoadMaster 3600 review
- Sangfor WANACC M5500 review
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
PlayRegister for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
