Tech Support Forum banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Premium Member
Joined
·
39,538 Posts
Discussion Starter · #1 ·
Microsoft has warned that a previously disclosed flaw in Apple's Safari browser could have dire consequences for Windows users.

The Safari bug, originally disclosed on 15 May by security researcher Nitesh Dhanjani, allows attackers to litter a victim's desktop with executable files, an attack known as "carpet bombing."

It turns out that if this flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorised software on a victim's computer, according to Aviv Raff, a security researcher. Raff said he originally reported the IE flaw to Microsoft more than a year ago, and then told them about how it could be combined with the carpet bombing bug just over a week ago.

For the attack to work, a victim must first visit a maliciously crafted Web page with the Safari browser, which in turn will trigger the carpet bombing attack and exploit the IE flaw. Both the Safari and IE bugs "are moderate vulnerabilities that, combined, produce a critical flaw, which allows remote code execution," Raff said.


http://www.techworld.com/security/news/index.cfm?RSS&NewsID=101644
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top