Mailing Lists: Apple Mailing Lists


Blended Threat from Combined Attack Using Apple's Safari on the Windows Platform - Microsoft Security Advisory (953818)



Early breaking security info from:

http://www.microsoft.com/technet/security/advisory/953818.mspx

See the Workarounds section till some update is available for this from MS and/or Apple

Frequently Asked Questions

 

What is the scope of the advisory?
This advisory clarifies public reports of a blended threat which could allow remote code execution, affecting all supported editions of Windows XP and Windows Vista. For a complete list of affected software, review the software listed in the “Overview” section.

Is this a security vulnerability that requires Microsoft to issue a security update?
Upon completion of this investigation, Microsoft will take appropriate action to protect our customers. This may include releasing a security update through the security update release process.

What causes this threat?
A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user’s machine without prompting, allowing them to be executed. Safari is available as a stand-alone install or through the Apple Software Update application.

What might an attacker use this function to do?
An attacker could trick users into visiting a specially crafted Web site that could download content to a user’s machine and execute the content locally using the same permissions as the logged-on user.


Suggested Actions

 

 

Restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.

Review the Microsoft Knowledge Base Article that is associated with this advisory

Customers who are interested in learning more about this feature should review Microsoft Knowledge Base Article 953818.


Workarounds

 

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Change the download location of content in Safari to a location other than ‘Desktop’

Launch Safari. Under the Edit menu select Preferences.

At the option where it states Save Downloaded Files to:, select a different location on the local drive.

 

Be safe,

George

 

-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

George Birbilis (email@hidden)

Microsoft MVP J# 2004-2008

Borland "Spirit of Delphi 2001"

QuickTime QTVR ActiveX .NET Delphi

http://www.zoomicon.com

http://birbilis.spaces.live.com

http://www.mech.upatras.gr/~Robotics

-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
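
Because the advisory quoted above describes files reaching the desktop without a prompt, a machine where Safari saved to 'Desktop' can be checked for executable-type files that recently appeared there. The PowerShell below is an added example, not part of the original post or of Microsoft's advisory; the extension list and the 30-day window are assumptions to adjust.

```powershell
# Added example (not from the advisory): list executable-type files that
# recently appeared on the Windows desktop so they can be reviewed.
param(
    [int]$Days = 30   # assumption: review window in days
)

# Assumption: extensions treated as "executable content" for this review.
$extensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.pif'

# Current user's desktop plus the all-users desktop.
$desktops = @(
    [Environment]::GetFolderPath('Desktop')
    [Environment]::GetFolderPath('CommonDesktopDirectory')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$cutoff = (Get-Date).AddDays(-$Days)

$findings = foreach ($dir in $desktops) {
    # -Force includes hidden and system files, which Explorer hides by default.
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $extensions -contains $_.Extension.ToLowerInvariant() -and
            $_.CreationTime -ge $cutoff
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if ($findings) {
    $findings | Sort-Object Created -Descending | Format-List
} else {
    "No executable-type files created on a desktop in the last $Days days."
}
```

Unsigned or hidden entries that the user does not recognise are the ones to examine first.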

 

 

 _______________________________________________
QuickTime-VR mailing list      (email@hidden)


