A security researcher, Nitesh Dhanjani, has recently discovered that Appleis Safari browser is susceptible to whatis been coined "carpet bombing," an unwelcome barrage of downloaded files. Apple has said that the issue is not of immediate concern, but the StopBadware.org site is urging Apple to take action now in its blog.
The issue was recently described by TMO and relates to the fact that Safari cannot be configured to ask for the useris permission before it downloads a resource. As a result, a maliciously crafted Web page could clutter the useris download destination with hundreds of unwanted files.
Appleis response was:
We can file that as an enhancement request for the Safari team. Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated.
"Assuming Nitesh?s analysis is accurate," wrote Laureli Mallek, in the blog," iunwanted downloads,i as Apple calls them, represent a serious security threat to users, who can be easily tricked into executing a malicious file. StopBadware.org believes that users should have control over software being downloaded to their computers, and we encourage Apple to reconsider its stance and treat this as the security issue that it is."