
Safari "Carpet Bomb" Attack Still a Risk

Submitted by SecureThroughObscure on Saturday June 21 2008, @03:28AM
security
SecureThroughObscure writes "Just a short time after Apple's recent acknowledgement of and patch of the Safari Carpet Bomb "blended" IE flaw, blogger Nate McFeters of ZDNet's Zero-Day blog has pointed to research by Billy Rios of Microsoft that shows that the attack is still useful in a "blended" attack, this time with Firefox 2/3. Rios claimed that he is able to use the Safari Carpet Bomb attack, despite the recent patch, to steal arbitrary files from victims who also have Firefox 2/3 installed.

McFeters pointed out that Apple, which took some heat for not originally patching the issue, actually did a good job of addressing the issue, as it was not originally understood that code execution was possible (the details came out later). Rios seemed to echo a positive response by Apple in addressing the original issue, despite the media's portrayal.

Details of Rios's specific attack vector have been withheld until Apple has had time to patch or respond to this issue, but both researchers (McFeters and Rios) commented on the new attack threat that these blended types of attacks provide, and questioned whose responsibility it is to test for and fix these issues.

SecureThroughObscure"
