Microsoft warns users off Safari

'Carpet-bombing' interoperability flaw leaves Windows users open to malicious attacks when using Apple's Safari browser, the Windows maker claims.

Microsoft has taken the rare step of warning users of its operating system (OS) off rival vendor, Apple's Safari browser due to a flaw in interoperability that could leave them open to malicious attacks.

The Safari bug, originally brought to light in mid-May by security researcher Nitesh Dhanjani plays on the fact Safari can automatically download certain files without a user's permission.

If a Windows OS user visits a hacked website using Safari, a vulnerability in how XP and Vista handle executable files on the desktop can be exploited to litter the victim's desktop with executable files containing malicious code.

In a rare step, Microsoft issued a security advisory last Friday that also confirmed the Safari flaw is dependent on the Windows OS vulnerability regarding executable files on the desktop.

And Aviv Raff, another researcher has also claimed a second Windows flaw could actually allow a hacker to run unauthorised software on a victim's computer.

Although Apple did not respond to an IT PRO request for comment, it has been widely reported that it may not see the flaw as seriously as Microsoft does. Dhanjani said that, when he alerted Apple to the flaw, the Mac vendor responded that it did not see the bug as a security issue. "Apple does not feel this is an issue they want to tackle at this time," he wrote in his blog.

He reproduced Apple's response, which read: "Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated."

Apple's seemingly nonchalant reaction has attracted criticism from the security community, where consumer IT security advocacy group Stopbadaware.org has said Apple should "reconsider its stance".

This latest issue comes six weeks after the discovery of a denial of service (DoS) vulnerability in the iPhone version of the Safari browser.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Apple MacBook Pro 13in (Apple M1, 2020) review: Almost unbelievably good
Laptops

Apple MacBook Pro 13in (Apple M1, 2020) review: Almost unbelievably good

6 Jan 2021
Apple MacBook Air (Apple M1, 2020) review: The world’s best ultraportable
Laptops

Apple MacBook Air (Apple M1, 2020) review: The world’s best ultraportable

28 Dec 2020
Apple iOS 14.3 launch brings privacy labels for all apps
privacy

Apple iOS 14.3 launch brings privacy labels for all apps

15 Dec 2020
Apple might ditch Qualcomm for in-house modems
Mobile

Apple might ditch Qualcomm for in-house modems

11 Dec 2020

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021