Microsoft has announced a warning about Safari's vulnerability. Actually, it? has been found by researcher Nitesh Dhanjani about two weeks ago, and it was called carpet bombing vulnerability, it's a bug that cause Safari to download resources from website without bother to ask user's permission.In Windows, this vulnerability can cause malicious files to be downloaded from an attacker's website to the Windows default download folder, desktop folder. And this can be dangerous, for example there is a probability that the downloaded files maybe using familiar icon such as My Computer's icon, Windows Explorer's icon, etc, and user just run the program without knowing the danger.
Unfortunately, Apple's security team said they didn't see this as a security issue, but as a further measure against unwanted downloads. Microsoft urges windows user to shut down Safari until they find solution about this vulnerability.
So, Mac users can just ignore this vulnerability. Hey, wait a minute, Dhanjani also said that this carpet bombing can happen on OS X too. Is it one for Microsoft and none for Apple's?
No comments:
Post a Comment