Smart Technology for Smart Companies

Topics:

Apple Fixes Safari 'carpet Bomb' Bug

Robert McMillan, IDG News Service

Thursday, June 19, 2008 3:20 PM PDT

Apple has reversed course and patched a bug in its Safari browser after security researchers showed how it could be used to run unauthorized software on a Windows machine.

The "carpet bomb" bug, which was originally discovered by security researcher Nitesh Dhanjani, was initially thought to be less serious than it turned out to be.

Dhanjani showed how Safari could be misused to litter a victim's desktop with downloaded programs, but two weeks after he disclosed his research, another hacker, named Aviv Raff, showed that this flaw could be exploited in tandem with other problems in Windows and Internet Explorer to run unauthorized software on a victim's PC.

That prompted Microsoft to issue its own warning about the issue. It also caused some security experts to caution Web surfers about using Safari on the Windows platform.

According to Dhanjani, Apple initially told him that it did not intend to fix the issue, but apparently the company has now changed its mind.

Apple fixed the issue in the 3.1.2 version of its Safari browser for Windows, which was released Thursday afternoon. This update addresses a total of four security issues in Safari, including bugs in the way Safari renders JavaScript arrays and handles the downloading of executable files.

It also fixes a less-critical issue in the way Safari renders Bitmap and Gif images, which could give attackers a peek at the memory of a victim's computer, Apple said.

Thursday's update was for Windows computers only, and Apple has not yet released a 3.1.2 Safari update for the Mac.

Sponsored Resource:How does your network security compare to those of your peers? Visit the CDW Security Center to find out.
Sponsored Resource:Learn more about ultra light notebooks from Asus and the best warranty in the industry.
Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
Sponsored Resource:Get the truth about remanufactured ink. Learn more from HP.
Sponsored Resource:Six smart ways to grow small business IT

Recommend this story?
Vote Yes
Vote No
0 Yes
0 No
Email
Comment

Community Comments

News For Your Business

More News

PC World's Marketplace

PC World's Free Whitepapers

Security News

Cell Phones - October 12, 2008
Six Essential Apple iPhone Security Tips Security is a tech manager's top concern when it comes to mobile devices--here's how to use them to your advantage with minimal risk.
Security - October 11, 2008
Vendors, Cops, Profs Team to Study Cybercrime Tech vendors and the Secret Service are among those working with an evaluation of trends and best practices for security.
Productivity - October 11, 2008
Microsoft Readies Flood of Patches The 11 patches include 4 critical fixes, plus updates to Windows, Office, and IE.
Security - October 10, 2008
Mafiaboy Grows Up; a Hacker Seeks Redemption Eight years later, the infamous teen hacker wants to move from his history of downing sites to using his skills for good.

Latest Expert Blogs

Glenn Fleishman on Hardware - August 15, 2008 10:11 AM
Wake Me When You Need Me, Says Intel Intel's Remote Wake lets a computer listen intelligently for a signal to rouse from sleep mode and carry out an activity.
Neil McAllister on Software - August 19, 2008 6:04 PM
Microsoft Sends Up Trial Balloons for Windows 7 While Vista takes a beating in the press, Microsoft seems increasingly willing to disclose details of its forthcoming OS.
Erik Larkin on the Web - September 08, 2008 11:30 AM
Block Google-Yahoo Ad Deal, Advertisers Argue The Association of National Advertisers opposed the pending deal in a Sunday letter sent to the U.S. Department of Justice.

All Blogs

Featured Resources

Premier Content From Our Sponsors

HP LaserJet Printers Satisfy your office needs by combining fax, copy and scan capabilities with high-quality laser printing.
CDW Security CenterHow does your network security compare to those of your peers? Click here to find out...

Best Prices on Security Software

Norton Internet Security 2008Price: $13.98

4.13 stars

Internet Security 2008 - 3-User (Full Product, PC)Price: $11.49

4.00 stars

PANDA SOFTWARE Platinum 2006 Internet Security ( Windows )Price: $2.99

5.00 stars

ID Vault USB Security DevicePrice: $8.98

4.67 stars

Featured Whitepapers

White papers, case studies and product info from top brands

Featured Webcasts

Watch webcast presentations and videos from industry thought leaders on today's most important business and technology topics. For free.

Web Application Security: Causes, Discovery and Remediation Type: audio Company: eEye Digital Security Categories: Compliance,Security
5 Steps to Increasing Productivity & Profitability with Email Hosting Type: audio Company: USA.NET & Osterman Research Categories: Mobile ,Security,System Management

More webcasts