“Carpet Bomb” Still A Problem Despite Patch…. Oh Noes!

Apple patched Safari last week, but according to this ZD article, security researcher Billy Rios notes that when Safari is used on a computer with Firefox 2 or 3, there is a risk of an attack that allows a remote attacker to steal files using the “carpet bomb” method. He’s not going into other details at this time so that Apple can fix the issue, but it’s not good optics for Apple. To be fair, it’s a problem due to an interaction with another product, so Safari in isolation should be fine (in theory).

Oh yeah, if you look at Billy’s blog, he also has this quote:

“UNRELATED NOTE TO MOZILLA: Firefox 3 shouldn’t FORCE itself to be my default browser after I install it (YES, I unchecked the default browser checkbox during install)”

Hmmm…. That sounds vaguely familiar. I saw that coming a mile away, just not from him.

