Microsoft is warning that a previously disclosed flaw in Apple’s Safari browser could have dire consequences for Windows users.

The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim’s desktop with executable files, an attack known as “carpet bombing.”

It turns out that if this flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorized software on a victim’s computer, according to Aviv Raff, a security researcher. Raff says he originally reported the IE flaw to Microsoft more than a year ago, and then told them about how it could be combined with the carpet bombing bug just over a week ago.

Link:
http://www.pcworld.com/businesscenter/article/146537/…

Check out these posts too:

  1. Microsoft investigates 17-year-old Windows flaw
  2. Safari for Windows is not secure!
  3. Safari now available for Windows
  4. Critical security flaw found in Winamp
  5. Safari 5 released
  6. Safari releases yet another release for Windows
  7. Safari 3.0.4 for Windows released