Average Rating: Rate this article:

Apple, Microsoft Feud Over Safari, Internet Explorer Flaws By Jennifer LeClaire June 4, 2008 8:49AM     Apple, Inc. and Microsoft disagree on who needs to fix a security threat that blends Apple's Safari and Microsoft's Internet Explorer browsers. The Safari hole allows dumping executable files on a desktop, and Internet Explorer lets an attacker run those files. Apple says the problem is not a security issue, and Microsoft says it's Apple's fault.   Related Topics Apple Microsoft Safari Internet Explorer Security Latest News Plasma-TV Ban Could Be Costly Barnes & Noble Nook Is Delayed Flat PC Shipments Hurt Dell's Stock Ballmer Says Windows 7 Sales Good New Pogoplug 'Cloud' Gets Social Microsoft is sounding the alarm in Apple's camp, warning that a previously disclosed flaw in the Safari browser could spell trouble for Windows users. Another flaw in Internet Explorer makes the situation worse. Apple is not treating the blended threat as a security issue, but as a further reason to raise the bar against unwanted downloads. Who will take responsibility for fixing the issue remains to be seen. Security researcher Nitesh Dhanjani originally disclosed the Safari bug on May 15. The flaw allows attackers to dump executable files on a victim's desktop, a tactic known as "carpet bombing." If the Safari flaw is exploited in combination with an unpatched bug in Internet Explorer, it opens the door for attackers to run unauthorized software on a victim's computer. "Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple's Safari for Windows has been installed," Microsoft said. How Big is the Threat? Ironically, the combined threat has probably become greater thanks to media attention generated by the spat between Microsoft and Apple on this flaw, according to Graham Cluley, a senior technology consultant at Sophos. "The good news is that Safari still has a small market share amongst Windows users compared to Internet Explorer and Firefox, and so most cybercriminals are unlikely to try and take advantage of it," Cluley said. "However, there are bound to be some in the Internet underground who will be tempted to see if they can exploit and widen this security hole, to see what is possible." This isn't, of course, the first time eyebrows have been raised about Apple Safari on Windows. Recently Apple was criticized for pushing Safari onto Windows users of iTunes rather too aggressively. What Will Apple Do? To its credit, Microsoft has built up a track record for taking security flaws in its products seriously, and it's likely that in due course they will issue an update to mitigate against the IE portion of the problem, Cluley said. All the noises from Apple so far have suggested that it does not believe the issue to be a security problem. Unfortunately, Cluley said, the results of the exploit (users find their desktops filled with icons) are no different from the type of thing we see from spyware and adware merchants on a regular basis. "It would be good if Apple could develop a fix in a timely fashion for this problem," Cluley said, "but it remains to be seen how quick they will be." Apple was not immediately available for comment.   Advertisement  Network Security 1.   Peer-to-Peer Software Ban Sought 2.   Los Alamos Computer Security Weak 3.   Security Firm Fortinet Plans IPO 4.   Heartland Restraining Order Denied 5.   Social-Networking Security a Concern Social-Networking Security a Concern Facebook hijacking shows dangers. Average Rating: ICANN Approves International Names Dramatic increase in users expected. Average Rating: Center Opens To Battle Cybercrime Increasing threat from hackers seen. Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business CRM Systems   Experience CRM—and Business—Success today with Salesforce.com. Contact Centers   Run Your Entire Contact Center in the Cloud with LiveOps Enterprise Hardware   Go Green with IBM Blade Center    Enterprise I.T.    Rackspace: It makes a difference when you focus on support.   Go Green with IBM Blade Center   APC introduces server room in a box solutions!   Tell us what you think. Take a survey.   Find out how much you can save with the SQL Server value tool.   See how AT&T can help protect your network. Enterprise Software   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Microsoft/Windows   Rackspace: It makes a difference when you focus on support   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Network Security   See how AT&T can help protect your network.

Network Security Spotlight

House Lawmakers Push Ban on Peer-to-Peer Software Stung by an embarrassing electronic leak revealing ethics investigations into dozens of lawmakers, Congress moved to prohibit federal employees from using the file-sharing software blamed for the disclosure.   GAO: Los Alamos Computer Security Has Weaknesses Security weaknesses uncovered in Los Alamos National Laboratory's computer network increase the risk of a classified-information breach, says the Government Accountability Office.   Computer Security Firm Fortinet Plans IPO This Week Fortinet plans to go public in an initial public offering, giving investors a chance to tap a network security provider with sales that are expected to grow. The IPO could be valued at $137.5 million or more.

Enterprise Hardware Spotlight

Flat Shipments Hurt Dell Despite Increased Earnings Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.   New Pogoplug 'Personal Cloud' Does Social Networking Cloud Engines has released its newest version of the Pogoplug, a small "multimedia sharing device" that connects hard drives to the Internet and allows a user to access the files remotely.   Apple Tablet Rumored Delayed as Publisher Gears Up There have been so many rumors of an Apple tablet that it has taken on legendary status. But now the legend is being revised with reports of a delay and that a major publisher is getting ready.

Enterprise Technology Spotlight

Flat Shipments Hurt Dell Despite Increased Earnings Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.   Smartphones: A Bigger Target for Security Threats Smartphones are increasingly prevalent and adept at handling more tasks, including trading stocks, paying bills, and buying stuff online. That makes them attractive to thieves and hackers.   FBI Says Hackers Targeting Law Firms, PR Companies Hackers are targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients.

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | Free Whitepapers | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2009 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.