Advertisement
Promo

Security threats Toolkit

Microsoft warns of blended Safari attack

Robert Vamosi ZDNet.co.uk

Published: 04 Jun 2008 12:18 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft has issued an advisory warning Windows users who have installed the Apple Safari for Windows browser that their systems may be vulnerable to attack.

The Safari 'carpet bombing' attack was first described by researcher Nitesh Dhanjani last month, but dismissed by Apple as a serious threat. Under Dhanjani's scenario, a user would surf using Apple Safari for Windows to a malicious website crafted in the following format: http://malicious.example.com/. Dhanjani says if Safari sees a content type in the format blah/blah it does not know how to renfer the proper correct result, so it starts downloading carpet_bomb.cgi, executing the downloaded files with the same rights as the logged-on user. The end result is the victim's desktop is populated with a variety of malicious files.

ZDNet.co.uk blogs

AT&T: Dell to release smartphone

Dell is set to launch a smartphone, AT&T chief executive Ralph de la Vega has revealed at Mobile World Congress...

Read blog +

Microsoft says it is the combination of the default download file location in Safari and how the Windows desktop handles the files that creates the blended threat on all supported versions of Windows XP and Windows Vista when Apple's Safari for Windows has been installed.

Microsoft notes that users who change the default Safari download location are not affected. Its advises users that, to change the download location in Safari, under Edit, select Preferences. Where it says 'Save Downloaded Files to', change the location.

Microsoft said it may follow the advisory with a security update if needed.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
3 out of 5 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Web Designer / Creative Designer - CSS, HTML, Photoshop, Dreamweaver

Applications Consultant - Microsoft SMS/SCCM, WSUS, DDPS

Service Desk Engineer (Cisco)

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment

Watchdog reveals illegal sale of phone...

The Information Commissioner's Office is preparing a prosecution file against a mobile operator's employees who allegedly sold on thousands of customers' details to a competitor. The... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters