Safari “Carpet Bombing” Flaw Is Potentially Serious Says ZDNet And

You’ll recall that in a previous posting I wrote about three flaws in the Apple Safari web browser. I took Apple to task for not fixing all three flaws, which earned me the wrath of the Apple fanboi community (just look at the comments in that posting). Well, it seems that others feel the same way that I do. and ZDNet have postings that contend that these issues should be fixed now. In the case of, Laureli Mallek contends:

“Assuming Nitesh’s analysis is accurate, “unwanted downloads,” as Apple calls them, represent a serious security threat to users, who can be easily tricked into executing a malicious file. believes that users should have control over software being downloaded to their computers, and we encourage Apple to reconsider its stance and treat this as the security issue that it is.”

And in the case of ZDNet, Ryan Naraine says:

“Think about it: A combo-attack where Dhanjani’s Safari vulnerability is used to drop a nasty executable on your desktop and another (known or unknown) vulnerability used to run it. Instant drive-by malware installation!”

Apple wants to play the security card by claiming that they are more secure than Windows. If they want to do that, they have to address issues like this when they appear as opposed to brushing them off as non-issues. I think part of the problem is that the Apple crowd have this impression that they are immune to the attacks that plague Windows users. The fact is that as the number of Apple users grows, the number of attacks that target the Apple platform will grow as well.

So Apple, do the right thing and fix these issues now.

In the meantime, I’ll continue to use Firefox.
