Apple has just released a fix for a very serious Windows Safari security flaw, which was addressed by Microsoft a short while ago, and allowed the download of malicious software without warning the victim. The patch updated Safari so it would first seek permission from a user before downloading an application from a website to the user’s desktop.
The flaw affected Safari users with both Windows XP or Windows Vista operating systems. In order to exploit the bug, an attacker would first have to trick a user into visiting a malicious Web site that would initiate the download. Due to the fact that the download could be started without any sort of notification, the computer could become infected without the user even realizing it.
Apple seemed to place the blame on Microsoft in the description of the new patch, stating that the vulnerability stemmed from “how the Windows desktop handles executables.” Apple also stated that “saving an untrusted file to the Windows desktop may trigger the issue, and lead to the execution of arbitrary code,”
The new patch also changes the default download location for Safari from the desktop to the download folder in Windows Vista and the My Documents folder in Windows XP. In Microsoft’s May security advisory, the company said that users who had changed Safari’s default download location were not at risk.
[Via MacRumors]
Its great that it has fixed the security flaw. It is one of the best browser available in the web market. Go apple
http://www.safaribrowserwindows.com