Uh-oh: Safari, IE flaws combine to put Windows at risk!
by Stephen Withers
Monday, 02 June 2008

Page 2 of 3

The IE flaw was identified and reported "a long long time ago" by Aviv Raff, who also realised that it could be combined with carpet bombing.
(Here's an opportunity to use that human imagination I mentioned above: what can you do with a web browser other than use it as a web browser?)

Raff believes changing the download location does not protect against the combined vulnerability, and that carpet bombing could be used in conjunction with vulnerabilities in other products.

The good news is that - as far as Microsoft knows - the technique has not been used in real life, but that probably won't last.

How should this be dealt with? Well, it seems clear to me that the reported IE flaw requires an urgent fix. If it's possible for a browser to automatically trigger the execution of a file in a user-controlled folder, there's something very wrong.

So, does this let Apple off the hook? No, but it's harder to see what the 'right' answer would be, and I can understand why Dhanjani was warned that a change to Safari based on his report would require the involvement of the company's human interface team. A preference that prevents Safari from downloading any non-renderable/playable content has been suggested, but what happens when you want to download a program from a developer's web site?

Please read on to page 3.








