Safari flaw enables Windows attack
Published: 2008-06-02

A vulnerability in Apple's Safari Web browser could give an attacker the ability to cover the desktop of a victim's computer with executable files and, paired with a second flaw, could allow malicious code to run, Microsoft stated in an advisory on Friday.

While each flaw on its own is considered only a moderate threat, together the two -- one found by security consultant Nitesh Dhanjani and the other found by security researcher Aviv Raff -- are far more dangerous, Microsoft said.

"A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user’s machine without prompting, allowing them to be executed," the company stated in its advisory. "An attacker could trick users into visiting a specially crafted Web site that could download content to a user’s machine and execute the content locally using the same permissions as the logged-on user."

The Windows version of Apple's Safari Web browser has had a number of bugs shaken out over the past year. Last June, a day after the beta version of the browser was released, three vulnerability researchers published details of a handful of bugs, some of which also affected the Mac version of the browser shipping at that time. In March, security researcher Charlie Miller used a vulnerability in the Safari browser to compromise the MacBook Air at the PWN2OWN competition in Vancouver, B.C.

Apple was originally not interested in fixing the vulnerability that allowed a remote attacker to place files on the Windows desktop, according to consultant Dhanjani, who referred to the issue as "carpet bombing." However, Microsoft stated in its advisory that it had begun working with Apple on the issue.

Posted by: Robert Lemos
