Safari Suffers from "Carpet Bomb" Issue
Safari Suffers from "Carpet Bomb" Issue
by , 3:35 PM EDT, May 16th, 2008
It's possible for a maliciously crafted website to "carpet bomb" the Windows desktop or the Mac OS X Download destination folder with files according to Nitesh Dhanjani in his O'Reilly blog. Apple is aware of the issue.
The reason this can happen is because Safari can't be configured to block the download of every resource a website offers up. While this isn't strictly a vulnerability, it could be an annoyance or worse since Leopard users wouldn't see the effect right away.
Mr. Dhanjani reported that he raised the issue with the Apple security team who responded that it's not an issue they want to tackle at this time.
The issue is really related to the design of HTML and how some browsers work. Right now, it's probably not a huge concern, but history has proven that any time something like this gets put on the back burner, someone will try to figure out a way to exploit it.
In the meantime, the best course is always to be mindful of where one is surfing. A possible strategy is, when it's necessary to surf in unknown territory, to do it in a VM created by Parallels Desktop or VMware fusion and checkpoint the VM. If something goes wrong, one can always revert to the checkpoint or blow out the VM client completely, leaving Mac OS X unaffected. Firefox is the default browser in all current Linux distributions, a browser well known to most Mac users.
Recent TMO Headlines - Updated February 20th
- Wed, 2:47 PM
- Spectrum TV Comes to Apple TV For $15
- Wed, 2:35 PM
- Feds Share Terrorist Watch List With 1,400 Private Companies
- Wed, 2:30 PM
- Mark Zuckerberg Talks Privacy and Encryption with Harvard Law Society
- Wed, 2:19 PM
- Marzipan is going to be a big deal for the Mac
- Wed, 1:40 PM
- Scout - The World's Most Versatile Charger: $39.99
- Wed, 1:37 PM
- Advice to 1999 Apple Customers, Facebook Tomfoolery – TMO Daily Observations 2019-02-20
- Wed, 1:31 PM
- Apple Pay has 383 Million Users Globally
- Wed, 1:13 PM
- Facebook Blames Users for Expectation of Privacy
- Wed, 11:32 AM
- Sharenting is When You Over Share Your Kid Online
- Wed, 11:22 AM
- WinRAR Fixes 14-Year-Old Bug
- Wed, 10:32 AM
- iFixit: We Are All Geniuses, Advocates Right to Repair
- Wed, 9:58 AM
- That Anti-LGBT Emoji is Just a Glitch