After more than two years, Apple’s Safari browser for Macs remains vulnerable
to attacks that allow websites to litter a user’s hard drive with thousands of
malicious files.

The "carpet bomb" vulnerability was publicly disclosed in May 2008 after
members of Apple’s security team said they didn’t consider the quirk a security
issue. After Microsoft took the unusual step of advising its customers to stop
using Safari, Apple issued a patch Windows versions but not for OS X.

"This means that if you use the Safari browser on OSX, a malicious entity can
drop any amount of binaries or data files into your ~/Downloads/ folder," Nitesh
Dhanjani, the researcher who credited with discovering the vulnerability, wrote
over the weekend.

Теги:

Оставить мнение

Check Also

Злой дебаг. Исследуем и взламываем приложения для Android при помощи отладчика

Мы уже неоднократно рассказывали о взломе приложений для Android. Несколько раз мы вскрыва…