OSX Safari Exploit

Discussion in 'Et Cetera, Et Cetera' started by Dorian_Gray, May 21, 2008.

  1. Dorian_Gray

    Gold Member

    Joined:
    Mar 18, 2006
    Messages:
    1,317
    Albums:
    1
    Likes Received:
    63
    Gender:
    Male
    Location:
    Hiding in the light...
    OSX users, watch out. This is now a well-known exploit for OSX and Safari. I am unsure of the version of OSX it affects, but it affects all versions of Safari, even on Windows, where Safari is still in beta. In OSX, Safari doesn't verify with the user when a resource is downloaded, and it litters your ~/Downloads/ folder with icons. The potential security threat here is that an end user would click on an icon and it would take them to a website that would install malware or (more in Windows' case) spyware. Here's a link to the article.

    Apple under pressure to fix Safari ‘carpet bomb’ flaw | Zero Day | ZDNet.com

    I would have named the thread Windows Safari Exploit, but since the vast majority of Safari users are Mac users I just figured...
     
  2. transformer_99

    Gold Member

    Joined:
    Aug 5, 2006
    Messages:
    2,466
    Likes Received:
    1
    Gender:
    Male
    That has always been Apple's stance on most of its unresolved exploits.

    Techworld.com - Mac OS X security myth exposed

    Who knows what it's been like since that article was written, but let's face it, if OS X or Linux commanded the market share Windows has, would either be as good as Microsoft? A Google search indicates Apple security updates for double-digit flaws in many instances. Linux is the most responsive of the 3 though; MS limits its updates to once a month, every 2nd Tuesday if I recall, and Mac has an obligatory one that may happen every month? Linux updates are constant; they may be nagging, but at least it shows they are reacting in a timely manner.

    Since Windows 98 days, I've only had 2 denial of service attacks ever, and that was so close to the year 2000, it's not really been an issue for a good 5 years or more on what Windows OSes I've used. Linux and OS X, never had any issues, period. But let's face it, up until the Intel Macs, Apple had what, 3% of the market and Linux even less? Why attack them, you really aren't affecting too many users and disrupting computing with downtime?
     
  3. Dorian_Gray


    I know, right! :mad: Personally I think that when Windows has a security flaw it's patched a lot quicker than Apple has ever thought about with OSX. APPLE = SLOW

    But OSX is generally leaps and bounds better than Windows (specifically Vista).

    FEDORA 9 FTW!!
     
  4. gjorg

    Gold Member

    Joined:
    Jun 24, 2007
    Messages:
    2,179
    Likes Received:
    10
    Gender:
    Male
    Location:
    USA
    Effect on iPhone using Safari????
     
  5. transformer_99

    That's a distinct possibility. I think though, from what I read and understood from the article, it affects the Windows version. So it's really an attack on Windows ultimately. Whether it be Windows installed via "boot camp" on an Intel Mac or a PC where the user installed Safari thinking his Windows PC would be safer with a Mac web browser for Windows? Definitely makes a case for virtual installations on any of them. That way if the VM gets corrupted with that crap, you just start over with a new virtual machine.
     
  6. Dorian_Gray


    It still affects OSX, but it doesn't have anywhere near the security risk as the Windows version. The version of Safari on the iPhone is a different version than normal; I'm not sure if it's affected at all. But if the iPhone is vulnerable, nothing would really come of it. You can't access the ~/Downloads/ folder on the iPhone to actually use the icons that are d/l'ed.
     