Page 1 of 2


Stop using Safari for now: Microsoft

Microsoft Corp. has advised Windows users not to use Safari for Web browsing until either Apple or Microsoft releases a security patch. Apple has nothing to say for now.

In an unusual move, Microsoft Corp. on Friday urged Windows users not to surf with Apple Inc.'s Safari browser until one of the companies makes a patch that plugs security holes.

One security researcher noted that Microsoft's public warning -- and Apple's silence on the subject -- are typical for the two rivals and illustrate their different approaches to security.

On Friday, the Microsoft Security Response Center (MSRC) issued a security advisory for what it called a "blended threat" caused by a combination of a bug in Apple's Safari Web browser and a vulnerability in how Windows XP and Windows Vista handle executable files placed on the desktop.

"Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple's Safari for Windows has been installed," said the advisory.

The Safari bug Microsoft referred to is the same one disclosed two weeks ago by researcher Nitesh Dhanjani, which Apple declined to treat as a security issue, said Andrew Storms, director of security operations at nCircle Network Security Inc. "Clearly, that's what they're talking about," said Storms.

In mid-May, Dhanjani posted information about what he dubbed a "carpet bomb" attack made possible because Safari lacks an option to require a user's permission to download a file. Attackers, Dhanjani claimed, could populate a malicious site with rogue code that Safari would automatically download to the desktop.

Apple told Dhanjani that it did not consider the problem a security issue, but might fix it in a future Safari update. The next week, the anti-malware group Stopbadware.org criticized Apple for that position. "We encourage Apple to reconsider its stance and treat this as the security issue that it is," said the group in a statement May 19.

Then on Friday, Microsoft also fingered Safari as a problem. "Restrict use of Safari as a Web browser until an appropriate update is available from Microsoft and/or Apple," the company told users in the advisory.

But Microsoft also admitted that a successful attack would require not only leveraging the Safari bug, but also exploiting a vulnerability in its own software. "A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user's machine without prompting, allowing them to be executed," said Microsoft.

Mr.
This is a bug only because Windows does not handle such situations. Anyone writing for Windows learns quickly that the OS does precious little in the name of protection. The applications need to take care. I don't blame Apple at all for their stand. MS needs to fix their software otherwise ALL other vendors will continue to need to fix theirs. I shouldn't have to be in my secure home and still have to lock my wallet additionally.
Written by: Deepak, from
RE: Mr.
Please, oh please tell me those comments about EVERYTHING ALWAYS being TOTALLY up to the OS (of any platform) are not serious!!!! I increasingly fear for my IT world when, on sites such as these, the issues are not dealt with logically and completely (i.e. the WHOLE picture in regards to RESPONSIBILITY taken on by ALL parts -- hardware and software -- on a system). Rather, waaaaay too often, these ppl speak always and only from their CAMP (i.e. Apple). They don't want solutions -- they just want their camp to win. Let's replace 'camp mentality' (of any kind!) with analysis, thinking and teamwork. Please!
Written by: Wanda Rebin, from Canada