OMFG DON’T USE SAFARI!!!!!
TUAW reports on a zero-day exploit in the Safari browser which can potentially cause the the unintentional downloading of files and applications to a users drive. Like any exploit, the people who discovered it claim it is OMG-critical, and are begging Apple to jump on a patch. Apple says they are aware of the problem, and will get to it when they are good and ready.
I’m not sure what the danger is in files being downloaded, other than the inconvenience of a cluttered desktop (can applications autolaunch when downloaded?) but when people throw the term “zero-day exploit” around, I tend to crap my pants (and I guess that’s the point).
Thanks to faithful Macenstein reader Mason for the tip!
NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
I’ll just have to sit back and laugh as I enjoy Firefox and my wife’s desktop gets cluttered by millions of pictures of baby pandas being eaten by dinosaurs.
Well being the one that gave you the tip, I feel somewhat obligated to comment.
One of the things that’s bad about this is that Apple can no longer claim to be “virus free.” Yeah, yeah, we all know that bad things can happen to your Mac because of downloaded programs (hence the warning whenever you open a downloaded program for the first time), but TECHNICALLY, that’s user error and can’t be called a virus. Now, you could end up at a site which could use javascript to direct you to another website which could download something to your Mac that could be harmful. And while that’s a lot of “could”s, let’s sat that that “something” was a script of some sort. Now let’s pretend that it was set to run next time you booted up your computer. And now you’ve got some major issues.
And while we all like to pretend that this isn’t true and we’re all completely safe because we’re on a Mac, in reality we’re just as vulnerable as Windows users now. And I hate stooping to their level because of something Apple ittself did (or didn’t do).
An exploit in a browser is not a virus. A downloaded program would probably still require OSX authorization to run. Personally if some application I didn’t remember download started to ask if it could install itself I’d say “no”
@Mason: Downloading, not running. I can’t see how this is anything other than obvious. Safari doesn’t show a dialog when you download a file.
Noting on the Mac, but believe it or not, it can be used to allow “remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed”.
ROTFL
http://www.microsoft.com/technet/security/advisory/953818.mspx
So even when Apple makes a mistake… Windows users suffer and Mac users are ok. LOL.
Mac – “Hi I’m a Mac”
PC – “And I’m a PC”
Mac – “You know PC I am very sorry I left the back door unlocked the other night when you slept over…”
PC – “Those where bad men…….”