After more than two years, Apple’s Safari browser for Macs remains vulnerable
to attacks that allow websites to litter a user’s hard drive with thousands of
malicious files.

The "carpet bomb" vulnerability was publicly disclosed in May 2008 after
members of Apple’s security team said they didn’t consider the quirk a security
issue. After Microsoft took the unusual step of advising its customers to stop
using Safari, Apple issued a patch for Windows versions but not for OS X.

"This means that if you use the Safari browser on OSX, a malicious entity can
drop any amount of binaries or data files into your ~/Downloads/ folder," Nitesh
Dhanjani, the researcher credited with discovering the vulnerability, wrote
over the weekend.
