So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user's desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn't too interested in fixing it (which boggles my mind - but I digress). Well, it seems we're not the only ones concerned about this way of thinking: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087679&intsrc=news_ts_head
While the ability to drop a file on your desktop in and of itself isn't necessarily a serious security vulnerability - it could be chained with another vulnerability to allow very bad things to happen (e.g. imagine a combo attack where one vulnerability is used to drop an EXE on your desktop using the Nitesh / Rios method and another, as yet undisclosed, vuln is used to run it). Right now with Safari on Windows - the bad guys are 50% of the way to direct code execution of whatever binary they choose to run . . . all they have to do is find a way to get that dropped binary to run. Will it happen? Time will tell I suppose . . . seems rather risky to leave this vulnerability out there when it seems like it would probably be a rather easy fix.
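A defender-side check for the scenario above, added here as an example and not code from the original post: it audits the Desktop folder (the drop location the post describes) for executable-type files that appeared recently, and the `demo()` function exercises it against constructed sample files in a temporary directory rather than a real Desktop.

```python
import os
import tempfile
import time
from pathlib import Path
from typing import List, Optional

# File types Windows will launch directly. An unexpected file of one of these
# types on the Desktop is the "first half" of the chained attack described above.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                       ".pif", ".js", ".vbs", ".hta"}


def find_dropped_executables(desktop: Path, max_age_seconds: int,
                             now: Optional[float] = None) -> List[Path]:
    """Return executable-type files in `desktop` modified within max_age_seconds.

    Only the top level is inspected: a browser download lands directly in the
    folder, so there is no need to recurse into the user's own subfolders.
    """
    now = time.time() if now is None else now
    hits = []
    for entry in desktop.iterdir():
        if not entry.is_file():
            continue
        if entry.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        if now - entry.stat().st_mtime <= max_age_seconds:
            hits.append(entry)
    return sorted(hits)


def default_desktop() -> Path:
    # USERPROFILE\Desktop on Windows; fall back to ~/Desktop elsewhere.
    return Path(os.environ.get("USERPROFILE", str(Path.home()))) / "Desktop"


def demo() -> List[str]:
    """Run the check against a constructed temporary Desktop (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        desk = Path(tmp)
        (desk / "dropped.exe").write_bytes(b"")       # fresh executable: flagged
        (desk / "notes.txt").write_text("harmless")   # not an executable type: ignored
        old = desk / "old.exe"                        # stale executable: outside window
        old.write_bytes(b"")
        stale = time.time() - 7 * 24 * 3600
        os.utime(old, (stale, stale))
        return [p.name for p in find_dropped_executables(desk, max_age_seconds=3600)]


if __name__ == "__main__":
    for hit in find_dropped_executables(default_desktop(), max_age_seconds=3600):
        print(f"recently dropped executable: {hit}")
```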