Posted by: Ken Harthun
Apple, Browsers, Microsoft Windows, Remote Code Execution, Security, Vulnerabilities
Microsoft has issued Security Advisory 953818 advising Safari users to “restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.” According to Microsoft:
“A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user’s machine without prompting, allowing them to be executed. An attacker could trick users into visiting a specially crafted Web site that could download content to a user’s machine and execute the content locally using the same permissions as the logged-on user.”
Oddly enough, there’s a quick fix for the problem. In the advisory, Microsoft clearly states: “Mitigating Factors: Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.” Just go to Edit > Preferences > General > Save downloaded files to [your chosen new location].
That was easy.