News

Safari Users On Windows: Wipe Out 'Carpet Bombing' Threat with Version 3.1.2


At Last, Apple Steps Up to Fix a Big Safari Flaw

ZDNet's Zero Day blog reports that Apple's new 3.1.2 version of Safari for Windows XP and Vista fixes the 'carpet bombing' flaw we told you about early this month. The combination of Safari and Internet Explorer on Windows made it possible to 'carpet bomb' the Windows desktop (Safari's default download location) with files, including malware files. Why? Safari, unlike other browsers, doesn't ask the user for permission to download files.

3.1.2's Other Security Fixes

Safari 3.1.2 also torpedoes three other security problems plaguing Windows XP and Vista users:

  • A fix for the combination of IE7 and Safari on Windows being used to automatically launch executable files from a website in the IE 'Trusted Sites' or 'Intranet' zones
  • A fix for WebKit's handling of JavaScript arrays, which can lead to memory corruption
  • A fix for an out-of-bounds memory read error when handling BMP or GIF images

This quartet of fixes makes Safari 3.1.2 a no-brainer update for current Safari users running Windows. You can read the entire security advisory here, and download Safari 3.1.2 manually here.

While You're Downloading, Grab a New QuickTime, Too

If you haven't updated QuickTime to version 7.5, you should. QuickTime 7.5, released earlier this month, fixes a number of security issues for MacOS as well as Windows.

COMMENTS
Get quicktime?? WTF

Quicktime is total ass, period.

Every time I have installed the POS I have had to dig through the options just to find out why when I click on an MP3 file, the browser downloads instead of bringing up a download dialog.

That is just one part of the total crappiness of QT, Apple needs to take a cue from DivX and allow an install of the codec without a player.

Hi, I'm a PC! And I'm a MAC

Every single one of those commercials bloat about how a MAC is so much more secure and fast and blah blah blah. Now all we hear are all the security patches they keep having to employ. How does it feel to be a member of the club now?

**********
Every morning is the dawn of a new error.

uh hem

I don't remember Microsoft taking so long to fix security vulnerabilities like this. Because Mac Sucks.
