Apple has released a new version of Safari for Windows, fixing a critical bug that allowed attackers to download files onto a user’s desktop.
Microsoft announced the bug a couple of weeks back, advising customers using Safari to restrict their use of the browser until an appropriate update was available from Microsoft and/or Apple.
When Apple was first notified of the bug in Safari, it didn’t seem to be in any rush to fix it. According to the Washington Post, security researcher Nitesh Dhanjani spoke to Apple and Microsoft about the bug and suggested that Apple add a feature to Safari that asks the user’s permission before downloading anything. Apple told Dhanjani that while the company thought this was a great idea and would forward it to the Safari team, it was not treating it as a security issue but rather a way to stop unwanted downloads.
Originally, it was reported that the bug was basically a hole that allowed an attacker to carpet bomb a user by downloading files to their desktop. However, it then emerged that when the hole was coupled with a bug in Internet Explorer, attackers could run programs on a victim’s computer without their knowledge.
Safari 3.1.2 now notifies a user before downloading anything to their computer, and Apple has also changed the default location for files downloaded using Safari. Instead of saving directly to the desktop, Windows XP downloads will go to users’ Documents folders and Vista downloads will be saved to the Downloads folder.