Apple Releases Fix For Safari 'Carpet Bomb' Error


By Stefanie Hoffman, ChannelWeb
5:18 PM EDT Fri. Jun. 20, 2008
Apple released Safari patch 3.1.2 Thursday, fixing critical errors, including a so-called carpet bomb bug, that open the way for a remote attacker to take complete control of a user's computer.

All of the Safari bugs repaired by the update affect multiple versions of Windows XP and Vista.

One of the fixes contained in the update addresses a critical carpet bomb flaw in Safari that could enable a remote attacker to execute malicious code on an affected system if a user saved untrusted files to the Windows desktop.

The carpet bomb error was publicized May 30 after Microsoft posted a security advisory warning users of a blended threat from a combined attack exploiting a security vulnerability in Apple's Safari when used on the Windows platform.

The default download location in Safari, when combined with the way the Windows desktop handles executables, created the critical flaw, which allowed files to be downloaded to a user's machine and executed without the user's consent.

If exploited, the blended flaw could allow an attacker to unleash malicious content on a victim's computer and execute the content locally with elevated login privileges by tricking a user into visiting a malicious Web site.

To fix the issue, Apple updated Safari to prompt the user before saving a downloaded file and changed the default download location to the user's Download folder on Windows Vista and the user's Documents folder on Windows XP.

Also included in the update is a fix for another Safari error linked to two versions of Internet Explorer, which could also allow a remote attacker to execute arbitrary code.

The flaw enabled Safari to automatically launch executable files downloaded from a malicious Web site while in a trusted IE zone. Specifically, users were vulnerable to remote attack if they visited a Web site in IE 7 with the "launching applications and unsafe files" setting enabled, or if the visited Web site was in the IE 6 "Local Intranet" or "trusted sites" zone.

To address the issue, the update prevents the automatic launching of downloaded files and alerts the user before downloading a file if the "always prompt" setting is enabled.

Meanwhile, Safari 3.1.2 for Windows also fixes other bugs that could lead to data exposure and malicious code execution if a user unknowingly viewed a specially crafted BMP or GIF image.

Security experts recommend that users upgrade their Safari browser as soon as possible with the latest update, which can be downloaded and installed from the Apple Web site.

