Last month, on a Friday, Microsoft announced a serious risk for people who use Safari on Windows (XP and Vista). The software giant's warning went as far as to suggest people “restrict use of Safari until an appropriate update is available from Microsoft and/or Apple.”
What really happened to draw so much attention from Microsoft? It takes us back to a Safari bug discovered on May 15th by security researcher Nitesh Dhanjani that allows hackers to litter the victim’s desktop with executable files, an attack known as “carpet bombing”.
But if it is a Safari bug, wouldn’t it be Apple’s problem instead of Microsoft’s? The answer was actually found a year ago by a security researcher named Aviv Raff: the Safari bug exploits an unpatched bug in IE. Hackers must first lure their victims to visit a maliciously crafted Web page with the Safari browser, which in turn triggers the carpet bombing attack and exploits the IE flaw.
Both the Safari and IE bugs "are moderate vulnerabilities that, combined, produce a critical flaw, which allows remote code execution," Raff said in an instant message interview with Robert McMillan (PCW Business Center).
Ingeniously, Microsoft is working on a patch for this small security flaw in IE (after a year!), but Apple is staying cool and is not providing any comments or new updates. Then again, there is another interesting rumor from TUAW: TUAW has received some information that suggests Apple may be working to seed developers with an early build of Mac OS X 10.6 at this year's WWDC. 10.6 will not include any new significant features from 10.5; instead, Apple is focusing solely on "stability and security."
The newest rumor is that this new Mac OS X 10.6 will be called "Snow Leopard", and it seems Apple is not yet ready to fully ditch the previous PowerPC 64-bit processor on its old MacBook line-ups.
The “stability and security” focus could mean that this is Apple’s effort to plug the hole in the Safari security bug mentioned above, and we’ll know soon enough at WWDC ’08 next Monday, along with other exciting news from Apple.
[blogged with my Treo 750v]