Safari "carpet bombing" Fail Open Goat Award
So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user's desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn't too interested in fixing it (which boggles my mind - but I digress). Well, it seems we're not the only ones concerned about this way of thinking: https://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087679&intsrc=news_ts_head
While the ability to drop a file on your desktop in and of itself isn't necessarily a serious security vulnerability, it could be chained with another vulnerability to allow very bad things to happen (e.g. imagine a combo attack where one vulnerability is used to drop an EXE on your desktop using the Nitesh / Rios method and another, as yet undisclosed, vuln is used to run it). Right now with Safari on Windows, the bad guys are 50% of the way to direct code execution of whatever binary they choose to run . . . all they have to do is find a way to get that dropped binary to run. Will it happen? Time will tell I suppose . . . it seems rather risky to leave this vulnerability out there when it would probably be a rather easy fix.
Comments
Anonymous
January 01, 2003
PingBack from http://blogs.zdnet.com/security/?p=1212
Anonymous
January 01, 2003
Apple's been making hay in its Mac vs. PC ads about Windows' security and malware problems. But now that Apple's playing in Microsoft's sandbox with a Windows version of the Safari Web browser, the worm has turned. The Windows version...
Anonymous
January 01, 2003
Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to