Over the past couple of weeks, a controversy has been brewing over a problem with Apple’s Safari browser on Windows. Nitesh Dhanjani found that there is a Safari carpet bombing issue, whereby maliciously crafted web pages can cause Safari on Windows to download files automatically, “carpet bombing” a Windows PC by downloading dozens or even hundreds of files to the Desktop. The risk is that these files may be malicious – not necessarily containing malware, but rather scripts, links to websites, or other deceit-ware that can trick users into double-clicking them. The downloads themselves aren’t the real problem, but combining them with a more serious attack could make Safari a major vector of Windows insecurity.
Microsoft has reacted, issuing a security advisory about a possible “blended threat” using carpet bombing and other techniques to harm PCs. They do point out that they are unaware of any actual threats in the wild, but their advisory is a clear statement that they are unhappy with Apple’s failure to rectify this situation. We await more information from Apple.