Apple Issues Fix for Safari On Windows Security Flaw
Apple today pushed out a new version of its Safari browser for Microsoft Windows users. The latest iteration plugs at least four security holes, including one that allowed automatic downloading of files to the Windows desktop. In some cases, these files could be started without the user's knowledge.
Safari version 3.1.2 corrects a flaw, which allows any rogue Web site to "carpet bomb" the user's Windows Desktop. At the time this vulnerability was first detailed, many people down played its severity. But in a recent, exclusive interview with Security Fix last week, researcher Liu Die Yu demonstrated how he could force his proof-of-concept malicious code to automatically run on a Windows machine, just by convincing a Safari for Windows user to click on a link.
Apple says it fixed the problem by changing two behaviors in Safari: First, the new version no longer saves downloaded files to the Windows desktop. Rather, in Vista, Safari will save files to the Downloads folder, and in XP, it will stash them in the user's Documents folder. In addition, Apple said Safari will no longer automatically download files, but rather prompt the user prior to saving a download file.
The new version is available from Apple Downloads or through the Apple Software Update program bundled with Safari on Windows.
June 19, 2008; 6:30 PM ET
Categories: New Patches
Save & Share: Previous: Citibank to Replace ATMs Following Crime Spree
Next: Serious Security Vulnerabilty In Apple OS X Leopard
Posted by: Mark | June 19, 2008 7:33 PM | Report abuse
Posted by: Buster | June 19, 2008 8:21 PM | Report abuse
Posted by: Rick | June 20, 2008 10:04 AM | Report abuse
The comments to this entry are closed.