OSX Safari Exploit

Dorian_Gray

OSX users, watch out. This is now a well-known exploit for OSX and Safari. I am unsure of the version of OSX it affects, but it affects all versions of Safari, even on Windows, where Safari is still in beta. In OSX, Safari doesn't verify with the user when a resource is downloaded, and it litters your ~/Downloads/ folder with icons. The potential security threat here is that an end user would click on an icon and it would take them to a website that would install malware or (more in Windows' case) spyware. Here's a link to the article.

Apple under pressure to fix Safari ‘carpet bomb’ flaw | Zero Day | ZDNet.com

I would have named the thread Windows Safari Exploit, but since the vast majority of Safari users are Mac users I just figured...
 

transformer_99

That has always been Apple's stance on most of its unresolved exploits.

Techworld.com - Mac OS X security myth exposed

Who knows what it's been like since that article was written, but let's face it, if OS X or Linux commanded the market share Windows has, would either be as good as Microsoft? A Google search indicates Apple security updates for double-digit flaws in many instances. Linux is the most responsive of the 3 though; MS limits its updates to once a month, every 2nd Tuesday if I recall, and Mac has an obligatory one that may happen every month? Linux updates are constant; they may be nagging, but at least it shows they are reacting in a timely manner.

Since Windows 98 days, I've only had 2 denial of service attacks ever, and that was so close to the year 2000, it's not really been an issue for a good 5 years or more on what Windows OSes I've used. Linux and OS X, never had any issues, period. But let's face it, up until the Intel Macs, Apple had what, 3% of the market and Linux even less? Why attack them, you really aren't affecting too many users and disrupting computing with downtime?
 

Dorian_Gray

That has always been Apple's stance on most of its unresolved exploits.


I know, right! :mad: Personally I think that when Windows has a security flaw it's patched a lot quicker than Apple has ever thought about with OSX. APPLE = SLOW

But OSX is generally leaps and bounds better than Windows (specifically Vista).

FEDORA 9 FTW!!
 

transformer_99

Effect on iPhone using Safari????

That's a distinct possibility. I think though, from what I read and understood from the article, it affects the Windows version. So it's really an attack on Windows ultimately. Whether it be Windows installed via "boot camp" on an Intel Mac or a PC where the user installed Safari thinking his Windows PC would be safer with a Mac web browser for Windows? Definitely makes a case for virtual installations on any of them. That way if the VM gets corrupted with that crap, you just start over with a new virtual machine.
 

Dorian_Gray

That's a distinct possibility. I think though, from what I read and understood from the article, it affects the Windows version. So it's really an attack on Windows ultimately. Whether it be Windows installed via "boot camp" on an Intel Mac or a PC where the user installed Safari thinking his Windows PC would be safer with a Mac web browser for Windows? Definitely makes a case for virtual installations on any of them. That way if the VM gets corrupted with that crap, you just start over with a new virtual machine.


It still affects OSX, but it doesn't have anywhere near the security risk as the Windows version. The version of Safari on the iPhone is a different version than normal; I'm not sure if it's affected at all. But if the iPhone is vulnerable, nothing would really come of it. You can't access the ~/Downloads/ folder on the iPhone to actually use the icons that are d/l'ed.