Safari "carpet bombing" Fail Open Goat Award


So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user's desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn't too interested in fixing it (which boggles my mind – but I digress). Well, it seems we're not the only ones concerned about this way of thinking: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087679&intsrc=news_ts_head


While the ability to drop a file on your desktop in and of itself isn't necessarily a serious security vulnerability, it could be chained with another vulnerability to allow very bad things to happen (e.g. imagine a combo attack where one vulnerability is used to drop an EXE on your desktop using the Nitesh / Rios method and another, as yet undisclosed, vuln is used to run it). Right now with Safari on Windows the bad guys are 50% of the way to direct code execution of whatever binary they choose to run . . . all they have to do is find a way to get that dropped binary to run. Will it happen? Time will tell I suppose . . . it seems rather risky to leave this vulnerability out there when it looks like it would be a rather easy fix.
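The defender-side check this kind of silent file drop calls for is a sweep of the Desktop for recently created files that are executable, either by extension or by content (an EXE renamed to .txt still starts with the MZ header). The Python below is an added example, not code from the original post and not Apple's or the researchers' code; the extension list, the sample files it builds in a temporary directory, and the age window are all constructed for the example, and the age check relies on st_ctime, which is creation time on Windows and metadata-change time on POSIX (still "now" for a freshly written file).

```python
import os
import tempfile
import time
from pathlib import Path

# Extensions Windows will execute directly via a shell association.
# Constructed, non-exhaustive list for this example.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                    ".hta", ".js", ".vbs", ".lnk"}

PE_MAGIC = b"MZ"  # DOS/PE header signature at the start of Windows executables


def looks_like_pe(path: Path) -> bool:
    """True if the file content starts with the MZ header, whatever its extension."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False


def find_suspicious_drops(directory, max_age_seconds=3600, now=None):
    """Scan `directory` for recently created files that are executable by name or content.

    Returns a sorted list of (filename, reason) tuples. `now` can be supplied
    to make the age check deterministic in tests.
    """
    now = time.time() if now is None else now
    findings = []
    for entry in Path(directory).iterdir():
        if not entry.is_file():
            continue
        # st_ctime: creation time on Windows, metadata-change time on POSIX.
        age = now - entry.stat().st_ctime
        if age > max_age_seconds:
            continue  # older than the window we care about
        reasons = []
        if entry.suffix.lower() in RISKY_EXTENSIONS:
            reasons.append("risky extension %s" % entry.suffix.lower())
        if looks_like_pe(entry):
            reasons.append("PE header (MZ) in content")
        if reasons:
            findings.append((entry.name, "; ".join(reasons)))
    return sorted(findings)


def build_sample_desktop():
    """Create a temporary 'Desktop' with constructed files and return its path.

    Two are benign, one is an obvious dropped EXE, and one is an executable
    disguised with a harmless extension.
    """
    base = Path(tempfile.mkdtemp(prefix="sample_desktop_"))
    samples = {
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "update.exe": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
        "notes.txt": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,  # disguised EXE
    }
    for name, content in samples.items():
        (base / name).write_bytes(content)
    return base


if __name__ == "__main__":
    # Point this at a real Desktop (e.g. Path.home() / "Desktop") in practice.
    desktop = build_sample_desktop()
    for name, reason in find_suspicious_drops(desktop):
        print("%s: %s" % (name, reason))
```

Run it against a real Desktop or Downloads folder by replacing `build_sample_desktop()` with the path; the extension check catches the obvious drop and the header check catches a binary hiding behind a document extension, which is the combination a chained "drop, then run" attack would rely on.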


Comments (3)

  1. Anonymous says:

    Apple’s been making hay in its Mac vs. PC ads about Windows’ security and malware problems. But now that Apple’s playing in Microsoft’s sandbox with a Windows version of the Safari Web browser, the worm has turned. The Windows version…

  2. Anonymous says:

    Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to