News Stay informed about the latest enterprise technology news and product updates.

Microsoft warns Apple Safari users of new vulnerability

In a warning issued to customers late Friday, Microsoft urged Safari users to change the browser's default download location.

Microsoft issued an advisory late Friday warning users of Apple's Safari browser that it is vulnerable to a blended...

threat that allows remote code execution.

We've activated our Software Security Incident Response Process (SSIRP) and are working with our colleagues at Apple to investigate the issue.
Tim Rains,
product managerMicrosoft Malware Protection Center

The vulnerability can be exploited on all supported versions of Windows XP and Windows Vista, Microsoft said in its advisory.

The problem is a bug in the default download location in Safari and in the way Windows handles executable files. An attacker could exploit the vulnerability by tricking users into visiting a website to download malicious content to the user's machine.

"We've activated our Software Security Incident Response Process (SSIRP) and are working with our colleagues at Apple to investigate the issue," Microsoft's Tim Rains, a product manager in the Microsoft Malware Protection Center said in the Microsoft Security Response blog.

Apple released Safari for Windows last year. In March, it made the browser available to Windows users of iTunes by default during a software update.

Rains said Microsoft is not aware of any attacks in the wild. As a workaround, Microsoft is advising Safari users to change the default location where Safari downloads content to the local drive.

The issue could stem from a warning from security researcher Nitesh Dhanjani earlier this month, who discovered a way for a malicious website to litter a Safari user's desktop or downloads directory with files. Dhanjani described the problem calling it a Safari carpet bomb, on his blog. Dhanjani discovered three issues with Safari and said he has been working with Apple to resolve them.

Dig Deeper on Web browser security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.