Microsoft has taken the rare step of warning users of its operating system (OS) off rival vendor, Apple's Safari browser due to a flaw in interoperability that could leave them open to malicious attacks.
The Safari bug, originally brought to light in mid-May by security researcher Nitesh Dhanjani plays on the fact Safari can automatically download certain files without a user's permission.
If a Windows OS user visits a hacked website using Safari, a vulnerability in how XP and Vista handle executable files on the desktop can be exploited to litter the victim's desktop with executable files containing malicious code.
In a rare step, Microsoft issued a security advisory last Friday that also confirmed the Safari flaw is dependent on the Windows OS vulnerability regarding executable files on the desktop.
And Aviv Raff, another researcher has also claimed a second Windows flaw could actually allow a hacker to run unauthorised software on a victim's computer.
Although Apple did not respond to an IT PRO request for comment, it has been widely reported that it may not see the flaw as seriously as Microsoft does. Dhanjani said that, when he alerted Apple to the flaw, the Mac vendor responded that it did not see the bug as a security issue. "Apple does not feel this is an issue they want to tackle at this time," he wrote in his blog.
He reproduced Apple's response, which read: "Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated."
Apple's seemingly nonchalant reaction has attracted criticism from the security community, where consumer IT security advocacy group Stopbadaware.org has said Apple should "reconsider its stance".
This latest issue comes six weeks after the discovery of a denial of service (DoS) vulnerability in the iPhone version of the Safari browser.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Microsoft angers admins as April Patch Tuesday delivers password feature without migration guidanceNews Security fixes include a zero day exploited by a ransomware group and seven critical flaws
-
Managing a late migrationOpinion When it comes to moving from Windows 7 to Windows 10, it's better late than never
-
How to set up a Windows 7 emulator for Windows 10Tutorials A complete guide for setting up a Windows 7 emulator for Windows 10 so you don’t lose access to your apps
-
The autopsy of Windows 7
In-depth Report of a postmortem examination
-
The IT Pro Podcast: Farewell Windows 7IT Pro Podcast We reflect on the legacy of one of Microsoft's most enduringly popular operating systems
-
Windows 7 ends: what do you do next?
In-depth From SMBs to big business and individuals, after 10 years it's time to move on from Windows 7
-
Windows 7 end of life: What to do if you haven't upgraded yetIn-depth Microsoft has now officially moved Windows 7 to end of life, meaning it's no longer a viable business platform
-
Windows 10 vs Windows 8.1 vs Windows 7 - Microsoft OS head-to-headVs We pit Microsoft's most popular operating systems against each other to see which is the greatest of all time
