Microsoft security advisory: Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
Microsoft
On May 30, 2008, Microsoft issued an advisory warning Windows users not to use Apple's Safari web browser until a patch is available that stops attackers from hacking their computers.
The Microsoft Security Response Center (MSRC) issued a security advisory describing what it called a "blended threat".
It is caused by a combination of a bug in Apple's Safari web browser and a vulnerability in the way Windows XP and Vista handle executable (exe) files on the desktop. This allows remote execution of malicious code on all supported versions of Windows XP and Vista when the Safari web browser for Windows is installed. The bug was disclosed 2 weeks ago by researcher Nitesh Dhanjani.
Safari lacks an option to require a user's permission before downloading a file. Attackers could populate a malicious site with code that Safari would automatically download to the desktop, which is the default download location.
Nitesh Dhanjani
A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user’s machine without prompting, allowing them to be executed. Safari is available as a stand-alone install or through the Apple Software Update application.
An attacker could trick users into visiting a specially crafted Web site that could download content to a user’s machine and execute the content locally using the same permissions as the logged-on user.
Microsoft