Microsoft warns of blended Safari attack

The software giant has issued an advisory over an Apple Safari for Windows attack first revealed two weeks ago
Written by Robert Vamosi, Contributor

Microsoft has issued an advisory warning Windows users who have installed the Apple Safari for Windows browser that their systems may be vulnerable to attack.

The Safari 'carpet bombing' attack was first described by researcher Nitesh Dhanjani last month, but dismissed by Apple as a serious threat. Under Dhanjani's scenario, a user would surf using Apple Safari for Windows to a malicious website crafted in the following format: http://malicious.example.com/. Dhanjani says if Safari sees a content type in the format blah/blah it does not know how to renfer the proper correct result, so it starts downloading carpet_bomb.cgi, executing the downloaded files with the same rights as the logged-on user. The end result is the victim's desktop is populated with a variety of malicious files.

Microsoft says it is the combination of the default download file location in Safari and how the Windows desktop handles the files that creates the blended threat on all supported versions of Windows XP and Windows Vista when Apple's Safari for Windows has been installed.

Microsoft notes that users who change the default Safari download location are not affected. Its advises users that, to change the download location in Safari, under Edit, select Preferences. Where it says 'Save Downloaded Files to', change the location.

Microsoft said it may follow the advisory with a security update if needed.

Editorial standards