So last week Nitesh Dhanjani and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user’s desktop if you’re using Safari on Windows. Apple doesn’t see this as a security vulnerability and thus isn’t too interested in fixing it (which boggles my mind – but I digress). Well, it seems we’re not the only ones concerned about this way of thinking: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087679&intsrc=news_ts_head
While the ability to drop a file on your desktop in and of itself isn’t necessarily a serious security vulnerability – it could be chained with another vulnerability to allow very bad things to happen (e.g., imagine a combo attack where one vulnerability is used to drop an EXE on your desktop using the Dhanjani / Rios method and another, as-yet-undisclosed vuln is used to run it). Right now with Safari on Windows – the bad guys are 50% of the way to direct code execution of whatever binary they choose to run . . . all they have to do is find a way to get that dropped binary to run. Will it happen? Time will tell, I suppose . . . it seems rather risky to leave this vulnerability out there when it would probably be a rather easy fix.