Safari Suffers from "Carpet Bomb" Issue
Safari Suffers from "Carpet Bomb" Issue
by , 3:35 PM EDT, May 16th, 2008
It's possible for a maliciously crafted website to "carpet bomb" the Windows desktop or the Mac OS X Download destination folder with files according to Nitesh Dhanjani in his O'Reilly blog. Apple is aware of the issue.
The reason this can happen is because Safari can't be configured to block the download of every resource a website offers up. While this isn't strictly a vulnerability, it could be an annoyance or worse since Leopard users wouldn't see the effect right away.
Mr. Dhanjani reported that he raised the issue with the Apple security team who responded that it's not an issue they want to tackle at this time.
The issue is really related to the design of HTML and how some browsers work. Right now, it's probably not a huge concern, but history has proven that any time something like this gets put on the back burner, someone will try to figure out a way to exploit it.
In the meantime, the best course is always to be mindful of where one is surfing. A possible strategy is, when it's necessary to surf in unknown territory, to do it in a VM created by Parallels Desktop or VMware fusion and checkpoint the VM. If something goes wrong, one can always revert to the checkpoint or blow out the VM client completely, leaving Mac OS X unaffected. Firefox is the default browser in all current Linux distributions, a browser well known to most Mac users.
Observer Comments
Fri May 16, 2008 5:10 pm Subject: Folder watch action?
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 8th
- Sat, 7:58 PM
- News - Apple TV 3.0.1 Update Fixes Missing Content Bug
- Fri, 7:45 PM
- Rumor - Taiwan Leak Shows Verizon UTMS/CDMA iPhone for Q3 2010
- 6:40 PM
- News - iPhone Moves Into RadioShack
- 6:30 PM
- News - Apple to Open Stunning Paris Apple Store in Le Louvre on Saturday
- 5:43 PM
- Free on iTunes - Dictionary, Dictionary, Dictionary, And More
- 4:09 PM
- John Martellaro's Blog - Particle Debris (week ending 11/6) Failure IS an Option
- 3:32 PM
- Games - The Latest App Store Games: Gravity Sling, RocketBird, Ground Effect, Checkers!
- 2:25 PM
- Games - Star Soccer 2010 for Mac Puts Gamers in Role of Up-and-Coming Player
- 2:15 PM
- How-To - The Mysteries of Rosetta Housekeeping
- 1:33 PM
- News - iPhone Game Developer Sued for Collecting User’s Cell Numbers
- 1:17 PM
- Games - Warhammer Online Expands Trial Play Option
- 11:19 AM
- Rumor - Apple May Be Bringing RFID to the iPhone
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Get the Right Memory for Your Mac Top Quality, Competitive Price, Lifetime Backed Free Expert Support + Installation Videos too! MacBook & mini 8GB, iMac 16GB, Mac Pro up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
