
[orly] Browser Security: Safari Carpet Bomb

post #1 of 12
Quote:
I recently communicated 3 security issues in the Safari browser to Apple.

Apple let me know that they will fix 1 of the issues I reported. I will not discuss the vulnerability Apple has promised to fix until they release the fix because it is a high risk issue affecting Safari on OSX and Windows.

I let Apple know that I’d like to discuss the 2 issues they won’t be fixing with the security community and they let me know they are fine with it.
oreillynet.com
post #2 of 12
Quote:
Originally Posted by From the Article
Before I get to the details, I want to make it extremely clear that the Apple security team has been a pleasure to communicate with. I sent them a couple of emails asking for clarifications, and they responded quickly and courteously every time. I want to publicly acknowledge that I appreciate this very much.

Here are the issues I reported:

1. Safari Carpet Bomb. It is possible for a rogue website to litter the user’s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX). This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location (unless changed).

...

2. Sandbox not Applied to Local Resources. This issue is more of a feature set request than a vulnerability. For example, Internet Explorer warns users when a local resource such as an HTML file attempts to invoke client-side scripting. I feel this is an important security feature because of user expectations: even the most sophisticated users differentiate between the risk of clicking on an executable they have downloaded (risk perceived to be higher) and clicking on an HTML file they have downloaded (risk perceived to be lower).

Apple’s response was positive:
…we have been investigating the potential for a "safe" mode for local HTML. This is an area that requires a fairly deep investigation to address compatibility issues, and to determine the proper operation. Please understand that when we label this as a security hardening measure, we are not discounting the benefits that this could have.

3. [Undisclosed]. The third issue I reported to Apple is a high risk vulnerability in Safari that can be used to remotely steal local files from the user’s file system. Apple responded positively and let me know that they are actively working to resolve the issue and issue a patch. I will post an update if I hear back from them.

I’d like to thank the Apple security team for their timely responses and for letting me discuss these issues with the security community.
Safari is a really fast browser and supports Firefox's AdBlock filter lists. It seems to be so riddled with holes, though... Hopefully they fix this crap.
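The two disclosed issues above combine into one practical question for a defender: how would you notice that a site has littered the Downloads folder, and which of the dropped files matter most? The script below is an added example, not code from the article or from Apple. It implements a simple burst heuristic over a download directory (many files arriving within seconds of each other, with no user action, is the footprint of issue 1) and flags the HTML-type files in each burst, since those are the ones that, per issue 2, run script outside the browser sandbox when opened locally. The function names, the `gap_seconds`/`threshold` defaults and the `SAMPLE` timestamps are all constructed for this example.

```python
import os
from dataclasses import dataclass

# Constructed for this example: file types that execute script when opened
# from the local file system, i.e. outside the browser's web sandbox.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg"}


@dataclass(frozen=True)
class Entry:
    """One file in a download directory: name plus modification time (epoch seconds)."""
    name: str
    mtime: float


def scan_directory(path):
    """Collect (name, mtime) for every regular file in `path`."""
    entries = []
    with os.scandir(path) as it:
        for d in it:
            if d.is_file(follow_symlinks=False):
                entries.append(Entry(d.name, d.stat(follow_symlinks=False).st_mtime))
    return entries


def find_bursts(entries, gap_seconds=5.0, threshold=5):
    """Cluster files by arrival time: consecutive files less than `gap_seconds`
    apart belong to the same group. Groups with at least `threshold` files are
    returned as bursts, oldest first. A human downloading files by hand rarely
    produces five or more files within a few seconds of each other."""
    ordered = sorted(entries, key=lambda e: e.mtime)
    groups, current = [], []
    for e in ordered:
        if current and e.mtime - current[-1].mtime > gap_seconds:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= threshold]


def active_content(burst):
    """Names in a burst whose extension marks them as locally executable content."""
    return [e.name for e in burst
            if os.path.splitext(e.name)[1].lower() in ACTIVE_EXTENSIONS]


def summarize(entries, gap_seconds=5.0, threshold=5):
    """Human-readable findings: one dict per burst with count, time span and
    the subset of files that deserve a closer look."""
    findings = []
    for burst in find_bursts(entries, gap_seconds, threshold):
        findings.append({
            "files": len(burst),
            "span_seconds": round(burst[-1].mtime - burst[0].mtime, 2),
            "active_content": active_content(burst),
        })
    return findings


# Constructed sample: three ordinary downloads hours apart, then eight files
# that appeared half a second apart (the carpet-bomb pattern).
T0 = 1_700_000_000.0
SAMPLE = [
    Entry("report.pdf", T0),
    Entry("photo.jpg", T0 + 3600),
    Entry("installer.dmg", T0 + 7200),
] + [
    Entry(f"ad_{i}.html" if i % 2 == 0 else f"ad_{i}.txt", T0 + 9000 + i * 0.5)
    for i in range(8)
]


if __name__ == "__main__":
    target = os.path.expanduser("~/Downloads")
    data = scan_directory(target) if os.path.isdir(target) else SAMPLE
    for finding in summarize(data):
        print(finding)
```

Run without arguments it scans `~/Downloads` if that directory exists and otherwise falls back to the constructed sample, where the only burst is the eight `ad_*` files and four of them are HTML. The gap and threshold are deliberately conservative; tune them to the machine's normal download rhythm before relying on the output.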
post #3 of 12
Safari is a piece of crap, and that's coming from a Mac user.
post #4 of 12
Quote:
Originally Posted by onlycodered View Post
Safari is a piece of crap, and that's coming from a Mac user.
Agreed, FF4MAC4EVA.

o.o
post #5 of 12
Safari for Mac users is like IE for Windows users. It comes with it, some users use it and others install a different browser like FF and Opera.
post #6 of 12
Quote:
1. Safari Carpet Bomb. It is possible for a rogue website to litter the user’s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX). This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location (unless changed).
Apple programming in a nutshell... we don't think you want this so we're just not going to include it. That OSX hasn't been destroyed by hackers is a testament to how little they care about it.
post #7 of 12
Apple has never had a big enough market share for the hackers to go after it, but that's changing and the attacks will come.
post #8 of 12
I seriously cannot wait for a "blaster.worm" type virus to come to OSX. Not because I want people to get infected but so this false sense of OSX being this secure fortress can finally be ripped to shreds and people can come back to reality.

Is there even an OSX anti-virus?
post #9 of 12
Quote:
Originally Posted by Higgins View Post
I seriously cannot wait for a "blaster.worm" type virus to come to OSX. Not because I want people to get infected but so this false sense of OSX being this secure fortress can finally be ripped to shreds and people can come back to reality.

Is there even an OSX anti-virus?
Yes.
post #10 of 12
Quote:
Originally Posted by Higgins View Post
Is there even an OSX anti-virus?
http://www.clamxav.com/