Safari Suffers from "Carpet Bomb" Issue
Safari Suffers from "Carpet Bomb" Issue
by , 3:35 PM EDT, May 16th, 2008
It's possible for a maliciously crafted website to "carpet bomb" the Windows desktop or the Mac OS X Download destination folder with files according to Nitesh Dhanjani in his O'Reilly blog. Apple is aware of the issue.
The reason this can happen is because Safari can't be configured to block the download of every resource a website offers up. While this isn't strictly a vulnerability, it could be an annoyance or worse since Leopard users wouldn't see the effect right away.
Mr. Dhanjani reported that he raised the issue with the Apple security team who responded that it's not an issue they want to tackle at this time.
The issue is really related to the design of HTML and how some browsers work. Right now, it's probably not a huge concern, but history has proven that any time something like this gets put on the back burner, someone will try to figure out a way to exploit it.
In the meantime, the best course is always to be mindful of where one is surfing. A possible strategy is, when it's necessary to surf in unknown territory, to do it in a VM created by Parallels Desktop or VMware fusion and checkpoint the VM. If something goes wrong, one can always revert to the checkpoint or blow out the VM client completely, leaving Mac OS X unaffected. Firefox is the default browser in all current Linux distributions, a browser well known to most Mac users.
Observer Comments
Fri May 16, 2008 5:10 pm Subject: Folder watch action?
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated July 6th
- Fri, 10:29 AM
- News - Apple Warns of Learning Interchange Security Breach
- 7:30 AM
- News - Happy Fourth of July!
- Thu, 6:07 PM
- TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
- 5:37 PM
- News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
- 4:57 PM
- News - Microsoft Sick Over Barf Ad
- 4:09 PM
- Product News - KRK Ships R6 Passive Studio Monitor for Recording
- 3:45 PM
- John Martellaro's Blog - Particle Debris (week ending 7/2) Juiced, Joost and Goosed
- 3:12 PM
- Product News - ExactScan 2 Pro Released
- 1:56 PM
- Deal Brothers - Apple TV with 160GB Hard Drive: $324.00 Delivered
- 12:46 PM
- TMO Appearances - TMO Appearances Jeff Gamet Shares iPhone Apps on MacJury
- 10:41 AM
- Product News - Art Text 2.2 Adds New Templates, Layer Options [Updated]
- 10:04 AM
- Hot Forum Topic - Deciphering Mac Sales
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
OWC: Big Drives, High Performance - Not High Prices! SATA 3.5" up to 1.5TB. Notebook up to 500GB. FW up to 6.0TB. 1.0TB Drive Models from as low as $97.99 www.MacSales.com
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click hereFor the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
