Safari on Windows and Carpet Bomb

An iTunes update this morning finished by prompting me to install the Safari (Mac web browser) 3.1.2 update on my Vista Ultimate laptop.

I scratched my head a bit because, A) I don’t have Safari installed on this machine, and B) the pop-up window had a glitch:

image

Apparently the Safari-on-Windows carpet bomb bug announced May 30 was fixed on Friday June 20 (this is for both Vista and XP):

Carpet Bomb Bug – The flaw enabled Safari to automatically launch executable files downloaded from a malicious website while in a trusted IE zone. Specifically, users were vulnerable to remote attack if they visited a website in IE 7 with an enabled “launching applications and unsafe files” setting, or if the visited website was in the IE 6 “Local Intranet” or “trusted sites” zone.

Since I’ve already got IE7 and Firefox on this rig, I’m going to pass on the Safari browser. I’ve got enough on my plate without opening another attack vector for some hacker using blended threats. Sketchy update screens don’t instill much confidence either (someone else can be the canary) 😉

I wonder if the smug Apple advertisers will make a commercial out of that one?

(Insert Mac/PC shtick here)
MAC – “Hey PC, I’m bored. Let’s go browse the web”
PC – “OK, can we take your car? Mine’s installing WGA right now”
MAC – (laughs) “Sure. Um, where do I put my Pod and stuff?”
PC – “Just toss them on my desktop, I put stuff up there all the time”
MAC – “Great, thanks”
PC – “Oops, we’re dead”

Disclaimer: I own two Macs.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Leave a Reply