Looking at the Safari "blended threat" - Mac Inspector

Mac Inspector - a blog from vnunet.com


Looking at the Safari "blended threat"

There's word of a new security issue circulating for Safari in which files could be downloaded and executed on a user's system without notification.

The good news is, this is a Windows vulnerability, so Mac users don't have anything to sweat. However, as Boot Camp and Safari for Windows have put Apple fans into a two-platform world, I think this issue warrants some examination.

The first thing to note is that this is not a vulnerability per se; there's no buffer overflow or other error to exploit. However, it is what is known as a "blended threat," in which features in both Windows and Safari are leveraged to allow the attacker to install and execute code on the user's system.

Details on the attack are not being disclosed, but a series of similar "blended" attacks between Firefox and IE emerged late last year. The issues weren't easy to fix, and Mozilla had to make a couple of attempts before a successful fix was issued.

Fortunately, there's an easy way for all you John Hodgman types to mitigate the attack: simply go into the Safari preference panel and change the location that your Safari downloads are sent to.

© Incisive Media Ltd. 2008