Smokey's Security Weblog

veritas odium parit

Security researcher keeps “Carpet Bomb” attack alive, despite patch

Author: Nathan McFeters / ZDNet

Security researcher Billy Rios posted an article today about the Apple Safari “Carpet Bomb” attack, discussing a new issue that, despite the patch which prevented a “blended” remote command execution attack when Safari was used in conjunction with IE on a Windows system, keeps the “Carpet Bomb” attack alive and well.

Rios mentioned on his blog that when Safari is used on a system that also has Firefox 2/3 installed, could lead to providing an attacker the opportunity to steal arbitrary files from the filesystem. Rios stated that he would not go into further details at this time, as the issue is not fixed by the current Safari patch; however, he did mention that Firefox 3 is vulnerable, but has some protections that help mitigate the issue.

Source/more: ZDNet


June 22, 2008 - Posted by | Advisories, Alerts, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: