Network News

X My Profile
View More Activity

Apple Issues Fix for Safari On Windows Security Flaw

Apple today pushed out a new version of its Safari browser for Microsoft Windows users. The latest iteration plugs at least four security holes, including one that allowed automatic downloading of files to the Windows desktop. In some cases, these files could be started without the user's knowledge.

saf.jpg

Safari version 3.1.2 corrects a flaw, which allows any rogue Web site to "carpet bomb" the user's Windows Desktop. At the time this vulnerability was first detailed, many people down played its severity. But in a recent, exclusive interview with Security Fix last week, researcher Liu Die Yu demonstrated how he could force his proof-of-concept malicious code to automatically run on a Windows machine, just by convincing a Safari for Windows user to click on a link.

Apple says it fixed the problem by changing two behaviors in Safari: First, the new version no longer saves downloaded files to the Windows desktop. Rather, in Vista, Safari will save files to the Downloads folder, and in XP, it will stash them in the user's Documents folder. In addition, Apple said Safari will no longer automatically download files, but rather prompt the user prior to saving a download file.

The new version is available from Apple Downloads or through the Apple Software Update program bundled with Safari on Windows.

By Brian Krebs  |  June 19, 2008; 6:30 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Citibank to Replace ATMs Following Crime Spree
Next: Serious Security Vulnerabilty In Apple OS X Leopard

Comments

Found this on the net the other day while browsing.

www.iantivirus.com

It's a new Free AntiVirus for Mac OS X

Check it out.

Posted by: Mark | June 19, 2008 7:33 PM | Report abuse

Seriously - how will this stop someone from clicking the link in the first place? That is where the system is in dire need of repair. If someone is stupid enough to click the link, they are probably just going to OK the dialog box and the net result is still the same.

Ron White is right - you can't fix stupid.

Posted by: Buster | June 19, 2008 8:21 PM | Report abuse

And Buster is right about Ron White.

Posted by: Rick | June 20, 2008 10:04 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company