Safari Suffers from "Carpet Bomb" Issue
Safari Suffers from "Carpet Bomb" Issue
by , 3:35 PM EDT, May 16th, 2008
It's possible for a maliciously crafted website to "carpet bomb" the Windows desktop or the Mac OS X Download destination folder with files according to Nitesh Dhanjani in his O'Reilly blog. Apple is aware of the issue.
The reason this can happen is because Safari can't be configured to block the download of every resource a website offers up. While this isn't strictly a vulnerability, it could be an annoyance or worse since Leopard users wouldn't see the effect right away.
Mr. Dhanjani reported that he raised the issue with the Apple security team who responded that it's not an issue they want to tackle at this time.
The issue is really related to the design of HTML and how some browsers work. Right now, it's probably not a huge concern, but history has proven that any time something like this gets put on the back burner, someone will try to figure out a way to exploit it.
In the meantime, the best course is always to be mindful of where one is surfing. A possible strategy is, when it's necessary to surf in unknown territory, to do it in a VM created by Parallels Desktop or VMware fusion and checkpoint the VM. If something goes wrong, one can always revert to the checkpoint or blow out the VM client completely, leaving Mac OS X unaffected. Firefox is the default browser in all current Linux distributions, a browser well known to most Mac users.
Observer Comments
Fri May 16, 2008 5:10 pm Subject: Folder watch action?
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated May 23rd
- Wed, 9:31 AM
- How-To - How to Configure a Static DHCP Reservation with Airport Extreme
- 8:57 AM
- News - Apple’s Jonathan Ive Knighted in London
- 8:21 AM
- Product News - Apple Camera Raw Update Adds Canon, Olympus Support
- 7:50 AM
- TMO Quick Tip - Mac OS X: Handy Terminal Dock Tweaks
- Tue, 9:51 PM
- News - NPD: Apple Dominates Q1 Mobile PC Shipments
- 7:17 PM
- Apple Stock Watch - Barclays: Apple Is So Big…
- 4:01 PM
- Deal Brothers - New Mac Pro 12 Core 2.66GHz Intel Xeon: $4739
- 4:00 PM
- Analysis - Estimated Apple TV Sales to Date: 6.3 Million
- 3:20 PM
- Video Review - Buffalo AirStation WZR-D1800H 802.11ac Router Video Review
- 1:47 PM
- News - Apple’s Brand Value Grows 19%, Remains World’s Top Brand
- 11:13 AM
- News - Galaxy Tab Injunction Hearing Set for June 7
- 10:35 AM
- MGG Answers - How to Troubleshoot Connection Issues on Public Wi-Fi Networks
The Mac Observer Reader Specials
Macsales.com SuperSpeed SSDs from $58. Transform your Mac with an SSD Solution of up to 960GB! You won't believe it's the same machine! Once you experience an OWC SSD, no going back! - Macsales.com
Mac RAM Upgrades: MacBook Pro 16GB kits $475, 8GB Kits for $119.99! iMac 16GB RAM Kits (4x 4GB) for $229.99! Mac Pro Memory 32GB Kit for $399.99, 64GB Kit for $889.99! Mac Hard Drives 2TB Seagate SATA II for $249.99! Click Here!
If you're using a Mac, then you've gotta check out PokerOnAMac.com. Online casinos and poker rooms are literally giving away cash and the casino sites at Poker on a Mac do the unthinkable, they actually reward! Join today, the download is free! 
Looking to find online casinos for mac? We can help you find the best real money casino sites where you can play your favorite casino games including blackjack and slots. -
-
-
-
-
-
