Microsoft warns Apple Safari users of new vulnerability

SearchSecurity.com Staff

Microsoft issued an advisory late Friday warning users of Apple's Safari browser that it is vulnerable to a blended threat that allows remote code execution.

The vulnerability can be exploited on all supported versions of Windows XP and Windows Vista, Microsoft said in its advisory.

The problem is a bug in the default download location in Safari and in the way Windows handles executable files. An attacker could exploit the vulnerability by tricking users into visiting a website to download malicious content to the user's machine.

"We've activated our Software Security Incident Response Process (SSIRP) and are working with our colleagues at Apple to investigate the issue," Microsoft's Tim Rains, a product manager in the Microsoft Malware Protection Center, said in the Microsoft Security Response blog.

Apple released Safari for Windows last year. In March, it made the browser available to Windows users of iTunes by default during a software update.

Rains said Microsoft is not aware of any attacks in the wild. As a workaround, Microsoft is advising Safari users to change the default location where Safari downloads content to the local drive.

The issue could stem from a warning issued earlier this month by security researcher Nitesh Dhanjani, who discovered a way for a malicious website to litter a Safari user's desktop or downloads directory with files. Dhanjani described the problem on his blog, calling it a Safari carpet bomb. He discovered three issues with Safari and said he has been working with Apple to resolve them.

