System Specs Object on Forums Doesn't Work in Safari

Nothing personal against you either - I am just stating how I see things going and what this vulnerability COULD be used for.

since Apple doesn't think it is a big deal because the user can just change the default download directory

Actually Apple patched all this up on Thursday according to their site, so it is even more pointless to continue arguing.

However, for argument's sake read these carefully, as you seem to suggest that a simple firewall/antivirus would prevent execution of code.

Resolved issues that existed with Safari:

"An issue exists in how the Windows desktop handles executables. Saving an untrusted file to the Windows desktop may trigger the issue, and lead to the execution of arbitrary code. Web browsers are a means by which files may be saved to the desktop. To help mitigate this issue, the Safari browser has been updated to prompt the user prior to saving a download file. Also, the default download location is changed to the user's Downloads folder on Windows Vista, and to the user's Documents folder on Windows XP."

"Visiting a malicious website which is in a trusted Internet Explorer zone may lead to the automatic execution of arbitrary code"

"Viewing a maliciously crafted BMP or GIF image may lead to information disclosure"

"If exploited, the blended flaw could allow an attacker to unleash malicious content on a victim's computer and execute the content locally with elevated login privileges by tricking a user into visiting a malicious Web site."



If Apple wasn't concerned about this then why did they patch it so fast? Granted, a lot of the blame could be put on Microsoft.
http://support.apple.com/kb/HT2092

And also I agree with Rick that you do have a responsibility to secure your system so that this kind of thing is a nonissue. But the truth is I still see plenty of people in the security section without a simple AV product, and the keywords they use are unknowingly and trick the user. What if I write a piece of code, and inject you with it, do you think your antivirus is going to pick that up? I just feel that people need to be informed of what is out there. That is why I help in the security section and that is why I secure so many systems for TechSpot users; it would be just as easy to be on the other side of this battle.


Edit: Upgrade to Safari 3.1.2 for Windows if you haven't already.
 