Apple Patches Safari "Carpet Bomb" Security Flaw

Apple has released a new version of Safari for Windows, fixing a critical bug that allowed attackers to download files onto a user's desktop.

Microsoft announced the bug a couple of weeks back, advising customers using Safari to restrict their use of the browser until an appropriate update was available from Microsoft and/or Apple.

When Apple was first notified of the bug in Safari, it didn't seem to be in any rush to fix it. According to the Washington Post, security researcher Nitesh Dhanjani spoke to Apple and Microsoft about the bug and suggested that Apple add a feature to Safari that asks the user's permission before downloading anything. Apple told Dhanjani that while the company thought this was a great idea and would forward it to the Safari team, it was not treating it as a security issue but rather as a way to stop unwanted downloads.

Originally, it was reported that the bug was basically a hole that allowed an attacker to "carpet bomb" a user by downloading files to their desktop without any prompt. However, it then emerged that, coupled with a bug in Internet Explorer, attackers could run programs on a victim's computer without their knowledge.

Safari 3.1.2 now notifies a user before downloading anything to their computer, and Apple has also changed the default location for files downloaded using Safari. Instead of saving directly to the desktop, Windows XP downloads will go to the user's Documents folder and Vista downloads will be saved to the Downloads folder.

Click here to download the newest version of Safari.

  • royalcrown
    Wouldn't that be upload onto a user's desktop and download from a user's desktop, Jane?

    If you're gonna write tech, it helps to know the jargon, keeps you from sounding green :)
  • nekatreven
    @RC: Actually, in this case the attacker instructs the victim's computer to download onto the user's desktop or upload from the user's desktop; as was correctly described in the article.

    It's a simple matter of perspective. Even though the commands come from the attacker's side, no file share has been opened on the victim's computer that could accept an upload or offer a download, so the victim is not acting as a server. The 'client' mentality/perspective remains with the victim because it's the victim's machine that is initiating requests to servers that are offering or accepting files; so files arriving are being downloaded and files leaving are being uploaded.

    If you're going to nitpick and criticize other people about something this trivial, it helps to know what you're talking about, keeps you from looking like a jerk.
  • Thank you nekatreven for taking the time to remind someone that it helps to think before posting. Of course, in common knowledge/usage, this process was also obvious to everyone else.