This security vulnerability is more "generic"
Authored by: jmacak on Feb 22, '06 08:09:46AM
This is not so much a vulnerability of Safari as it is of Mac OS X. (The Safari option might be said to enhance the vulnerability.) Users must be encouraged to be wary of any downloaded file, no matter the method of download.

See this article for further info:

http://www.unsanity.org/archives/000449.php

Jim Macak
Macintosh help and consulting
Milwaukee, WI
http://www.yourmacdoc.com/

the main problem is silent execution
Authored by: hayne on Feb 22, '06 08:35:21AM
While I can agree that there is an underlying generic problem, the really serious problem is (as Rob has explained in the article) that Safari will execute the script without any user interaction.

The fact that a downloaded file can masquerade as something it is not (like the Leap-A trojan or the "generic" problem described by that Insanity article) is not nearly as serious a problem, since that requires that the user double-click on the file after downloading.
