Microsoft reports security problem with Apple's Safari
Microsoft, of all companies, has issued a security advisory warning users about a possible security exploit involving Apple's Safari for Windows browser.
In Microsoft Security Advisory 953818, posted last week, Microsoft does not pinpoint exactly how it learned of the security vulnerability. But users are told, "Microsoft is investigating new public reports of blended threat that allows remote execution on all supported versions of Windows XP and Windows Vista when Apple's Safari for Windows has been installed."
In the security glitch under investigation, "A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user's machine without prompting, allowing them to be executed," Microsoft says.
"An attacker could trick users into visiting a specially crafted Web site that could download content to a user's machine and execute the content locally using the same permissions as the logged-on user."
Users who have changed the default location on the local drive for Safari downloads are not affected by the threat, according to Microsoft.
A blog post from Tim Rains of Microsoft Security Response Center last Friday contains what veterans will recognize as mostly boilerplate language, stating the company is unaware of any active exploits. Rains does add, however, that one way people find themselves with Safari for Windows on their systems is through the use of Apple Software Update, which is a component also installed in conjunction with iTunes and QuickTime.
As a suggested action, Microsoft recommends that users "restrict use of Safari as a Web browser until an appropriate update is available from Microsoft and/or Apple."