SecureThroughObscure writes “Just a short time after Apple’s current acknowledgment of and patch for the Safari Carpet Bomb ‘blended’ IE flaw, Microsoft researcher Billy Rios shows that Safari is still useful in a blended attack, this time with Firefox 2/3. (ZDNet’s Nate McFeters also spread the word.) Rios claimed that he’s able to use Carpet Bomb, despite the current patch, to steal arbitrary files from victims who also have Firefox 2/3 installed. Both Rios and McFeters pointed out that Apple, which took some heat for not originally patching, actually did a good job of addressing the issue, as the code execution angle wasn’t originally understood (the details came out later). Rios is withholding details of the new attack vector until Apple has had time to patch or respond to this issue.”
Read more of this story at Slashdot.
Entries (RSS)