

Safari "carpet bombing" Fail Open Goat Award

So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user's desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn't too interested in fixing it (which boggles my mind - but I digress). Well, it seems we're not the only ones concerned about this way of thinking: https://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087679&intsrc=news_ts_head

While the ability to drop a file on your desktop in and of itself isn't necessarily a serious security vulnerability - it could be chained with another vulnerability to allow very bad things to happen (e.g. imagine a combo attack where one vulnerability is used to drop an EXE on your desktop using the Nitesh / Rios method and another, as-yet-undisclosed vuln is used to run it). Right now with Safari on Windows - the bad guys are 50% of the way to direct code execution of whatever binary they choose to run . . . all they have to do is find a way to get that dropped binary to run. Will it happen? Time will tell, I suppose . . . it seems rather risky to leave this vulnerability out there when it would probably be a rather easy fix.

Comments

  • Anonymous
    January 01, 2003
    PingBack from http://blogs.zdnet.com/security/?p=1212

  • Anonymous
    January 01, 2003
    Apple's been making hay in its Mac vs. PC ads about Windows' security and malware problems. But now that Apple's playing in Microsoft's sandbox with a Windows version of the Safari Web browser, the worm has turned. The Windows version...

  • Anonymous
    January 01, 2003
    Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to