http://blogs.technet.com/b/robert_hensing/archive/2008/05/22/safari-carpet-bombing-fail-open-goat-award.aspxSo last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a users desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isnen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/robert_hensing/archive/2008/05/22/safari-carpet-bombing-fail-open-goat-award.aspx#3064260Sat, 31 May 2008 18:04:57 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3064260TechBlog<p>Apple's been making hay in its Mac vs. PC ads about Windows' security and malware problems. But now that Apple's playing in Microsoft's sandbox with a Windows version of the Safari Web browser, the worm has turned. The Windows version...</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=3064260" width="1" height="1">http://blogs.technet.com/b/robert_hensing/archive/2008/05/22/safari-carpet-bombing-fail-open-goat-award.aspx#3063303Fri, 30 May 2008 10:20:01 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3063303Roger's Security Blog<p>Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=3063303" width="1" height="1">http://blogs.technet.com/b/robert_hensing/archive/2008/05/22/safari-carpet-bombing-fail-open-goat-award.aspx#3062906Thu, 29 May 2008 22:41:18 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3062906 Why Apple must fix Safari &#8216;carpet bombing&#8217; flaw immediately | Zero Day | ZDNet.com <p>PingBack from <a rel="nofollow" target="_new" href="http://blogs.zdnet.com/security/?p=1212">http://blogs.zdnet.com/security/?p=1212</a></p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=3062906" width="1" height="1">