Latest in Bombing

Image credit:

Safari 'carpet bombing' exploit could be serious

Robert Palmer
A zero-day vulnerability in Safari that could litter a user's desktop (or downloads folder) with arbitrary files is a serious security flaw, argues ZDNet, and not a mere "annoyance" as Apple claims.

In theory, a user must click a link to visit a malicious website that can begin downloading arbitrary files (including applications) to the user's computer without their permission. The problem affects both the Windows and Mac versions of Safari.

Researcher Nitesh Dhanjani reported the flaw to Apple, which promised to patch it in a future release of Safari. ZDNet and contend, however, that a patch should be released immediately.

It's old advice, but it bears repeating: be careful of the links you click, and know where they go before you click them.

From around the web

ear iconeye icontext filevr