Apple today pushed out a new version of its Safari browser for Microsoft Windows users. The latest iteration plugs at least four security holes, including one that allowed automatic downloading of files to the Windows desktop. In some cases, these files could be started without the user’s knowledge. Safari version 3.1.2 corrects a flaw, which allows any rogue Web site to “carpet bomb” the user’s Windows Desktop. At the time this vulnerability was first detailed, many people down played its severity. But in a recent, exclusive interview with Security Fix last week, researcher Liu Die Yu demonstrated how he could force his proof-of-concept malicious code to automatically run on a Windows machine, just by convincing a Safari for Windows user to click on a link. Apple says it fixed the problem by changing two behaviors in Safari: First, the new version no longer saves downloaded files to the Windows desktop.
Search
Recent Posts
Categories
Monthly Archives
- August 2008 (66)
- July 2008 (60)
- June 2008 (51)
- May 2008 (57)
- April 2008 (82)
- March 2008 (60)
- February 2008 (46)
- January 2008 (41)
- December 2007 (20)
- November 2007 (37)
- October 2007 (36)
- September 2007 (27)
- August 2007 (39)
- July 2007 (34)
- June 2007 (77)
- May 2007 (142)
- April 2007 (722)
- March 2007 (2124)
- February 2007 (612)