The Channel logo

News

By | John Leyden 23rd June 2008 12:34

Threat remains despite Safari carpet bombing fix

Blended beastliness

Apple finally fixed a "carpet bombing" flaw in the Windows version of its Safari web browser, but security researchers warn that the consumer electronics giant's patch only provides partial relief from bugs involving the interaction of Safari and other browser packages.

A flaw that meant Safari automatically downloaded executable files based on IE zone settings was one of three vulnerabilties in the browser addressed in an update published by Apple on Thursday.

The other two updates addressed errors in processing image files that created a memory disclosure risk and a memory corruption flaw involving the handling of JavaScript arrays.

Upgrading to version 3.1.2 addresses all three bugs, according to Apple.

However, security researcher Billy Rios warns that the "carpet bombing" fix is only partial. If Safari is used on a system where Firefox is also installed it might be possible to steal arbitary files, he warns. The flaw, like the carpet bombing bug before it, involves a blended threat concerning how Safari and other browser packages work together. Rios is holding back details of the bug pending a release from Apple. ®

comment icon Read 7 comments on this article alert Send corrections

Opinion

Chris Mellor

Drives nails forged with Red Hat iron into VCE's coffin
Sleep Cycle iOS app screenshot

Trevor Pott

Forget big-spending globo biz: it's about the consumer... and he's desperate for a nap
Steve Bennet, ex-Symantec CEO

Chris Mellor

Enormo security firm needs to get serious about acquisitions

Features

Windows 8.1 Update  Storeapps Taskbar
Chinese Buffet self-service
Chopping down the phone tree to scrump low-hanging fruit
An original member of the System/360 family announced in 1964, the Model 50 was the most powerful unit in the medium price range.
Big Blue's big $5bn bet adjusted, modified, reduced, back for more
Microsoft CEO Satya Nadella
Redmond needs to discover the mathematics of trust