Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security

Submission + - Safari "Carpet Bomb" Attack Still a Risk (zdnet.com)

SecureThroughObscure writes: "Just a short time after Apple's recent acknowledgement of and patch of the Safari Carpet Bomb "blended" IE flaw, blogger Nate McFeters of ZDNet's Zero-Day blog has pointed to research by Billy Rios of Microsoft that shows that the attack is still useful in a "blended" attack, this time with Firefox 2/3. Rios claimed that he is able to use the Safari Carpet Bomb attack, despite the recent patch, to steal arbitrary files from victims who also have Firefox 2/3 installed.

McFeters pointed out that Apple, which took some heat for not originally patching the issue, actually did a good job of addressing the issue, as it was not originally understood that code execution was possible (the details came out later). Rios seemed to echo a positive response by Apple in addressing the original issue, despite the media's portrayal.

Details of Rios's specific attack vector have been withheld until Apple has had time to patch or respond to this issue, but both researchers (McFeters and Rios) commented on the new attack threat that these blended types of attacks provide, and questioned who's responsibility it is to test for and fix these issues.

SecureThroughObscure"

Slashdot Top Deals

"I'm growing older, but not up." -- Jimmy Buffett

Working...