Safari Suffers from "Carpet Bomb" Issue || The Mac Observer

Skip navigational links

Choose text size:

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Safari Suffers from "Carpet Bomb" Issue

Safari Suffers from "Carpet Bomb" Issue

by , 3:35 PM EDT, May 16th, 2008

It's possible for a maliciously crafted website to "carpet bomb" the Windows desktop or the Mac OS X Download destination folder with files according to Nitesh Dhanjani in his O'Reilly blog. Apple is aware of the issue.

The reason this can happen is because Safari can't be configured to block the download of every resource a website offers up. While this isn't strictly a vulnerability, it could be an annoyance or worse since Leopard users wouldn't see the effect right away.

Mr. Dhanjani reported that he raised the issue with the Apple security team who responded that it's not an issue they want to tackle at this time.

The issue is really related to the design of HTML and how some browsers work. Right now, it's probably not a huge concern, but history has proven that any time something like this gets put on the back burner, someone will try to figure out a way to exploit it.

In the meantime, the best course is always to be mindful of where one is surfing. A possible strategy is, when it's necessary to surf in unknown territory, to do it in a VM created by Parallels Desktop or VMware fusion and checkpoint the VM. If something goes wrong, one can always revert to the checkpoint or blow out the VM client completely, leaving Mac OS X unaffected. Firefox is the default browser in all current Linux distributions, a browser well known to most Mac users.

Recent TMO Headlines - Updated May 16th

Sun, 4:40 PM: Apple May Acquire Canoo EV Startup
Fri, 4:23 PM: Warren Buffett’s Apple Investment Was Sentimental, Book Reveals
Fri, 3:41 PM: Clip from Steve Jobs' 1992 MIT Speech Just as Relevant Today
Fri, 3:04 PM: Italian Grandma’s iPad Fails Go Viral on TikTok
Fri, 3:00 PM: Bluetooth Speakers for Dads & Grads
Fri, 2:10 PM: Apple Shares Teaser Trailer for New Animated Film 'Luck'
Fri, 1:27 PM: Creator of the iPod Tony Fadell Shares Concerns of Zuckerberg's Metaverse
Fri, 12:37 PM: Elon Musk Wavers Over Twitter Deal, Many Ponder His Next Move
Fri, 9:19 AM: Release Candidate for macOS Monterey 12.4 Seeded, Bringing Universal Control Out of Beta
Fri, 8:39 AM: Anti-Union Talking Points in a Leaked Apple Memo Say Employees Can Lose Benefits and Career Opportunities
Fri, 7:58 AM: Apple Seeds Release Candidate iOS 15.5, iPadOS 15.5, watchOS 8.6 and tvOS 15.5 to Developers
Thu, 4:35 PM: Apple Supplier Foxconn Reports Increase Revenue in 1Q22 Despite China Lockdown

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.