Microsoft warned on Friday that Apple's Safari Web browser for Windows exposes PCs to a security hole that permits potentially malicious files to be downloaded to a user's machine and run without prompting the user.
Microsoft's advisory comes two weeks after security researcher Nitesh Dhanjani warned both Redmond and Cupertino that Safari introduces a vulnerability in Windows and OS X machines, which allows any rogue Web site to "carpet bomb" the user's Desktop (Windows), or Downloads directory (Apple), with unwanted files (Safari is not installed by default on Windows machines).
Dhanjani said Apple indicated it wasn't in a hurry to fix the Windows vulnerability, if it ever got around to it. "Apple does not feel this is a issue they want to tackle at this time," Dhanjani wrote on his blog. "In my most recent email to Apple, I suggested that they incorporate an option in Safari so the browser can be configured to ask the user before anything is downloaded to the local file system.
37 Comments - Add comment