Microsoft has issued an advisory warning Windows users who have installed Apple’s Safari for Windows browser that their systems may be susceptible to attack. The vulnerability was first reported last month by Nitesh Dhanjani and later dismissed by Apple as not being a security threat.
Robert Vamosi says in his cnet.com blog: “The Safari "carpet bombing" attack was first described by Nitesh Dhanjani last month, but dismissed by Apple as a serious threat. Under Dhanjani's scenario, a user would surf using Apple Safari for Windows to a maliciously crafted Web site such as http://malicious.example.com/. Dhanjani says Safari does not know how to render content-type of blah/blah, so it starts downloading carpet_bomb.cgi, executing the downloaded files with the same rights as the logged-on user. The end result is the victim's desktop is populated with a variety of malicious files.”

Microsoft describes the threat as follows: “A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user’s machine without prompting, allowing them to be executed. Safari is available as a stand-alone install or through the Apple Software Update application.” It adds: “An attacker could trick users into visiting a specially crafted Web site that could download content to a user’s machine and execute the content locally using the same permissions as the logged-on user.”
Microsoft suggests in its advisory that Windows users who have installed Apple Safari should restrict the use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple. Microsoft has put forward the following workaround for users who wish to continue using the Safari browser: change the download location of content in Safari to a location other than ‘Desktop’.

1. Launch Safari.
2. Under the Edit menu, select Preferences.
3. At the option where it states Save Downloaded Files to:, select a different location on the local drive.