Security

Submission + - Safari "Carpet Bomb" Attack Still a Risk (zdnet.com)

SecureThroughObscure writes: "Just a short time after Apple's recent acknowledgement of and patch of the Safari Carpet Bomb "blended" IE flaw, blogger Nate McFeters of ZDNet's Zero-Day blog has pointed to research by Billy Rios of Microsoft that shows that the attack is still useful in a "blended" attack, this time with Firefox 2/3. Rios claimed that he is able to use the Safari Carpet Bomb attack, despite the recent patch, to steal arbitrary files from victims who also have Firefox 2/3 installed.

McFeters pointed out that Apple, which took some heat for not originally patching the issue, actually did a good job of addressing the issue, as it was not originally understood that code execution was possible (the details came out later). Rios seemed to echo a positive response by Apple in addressing the original issue, despite the media's portrayal.

Details of Rios's specific attack vector have been withheld until Apple has had time to patch or respond to this issue, but both researchers (McFeters and Rios) commented on the new attack threat that these blended types of attacks provide, and questioned whose responsibility it is to test for and fix these issues.

SecureThroughObscure"
