Safari "Carpet Bomb" Attack Code Released

snydeq writes "A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers. The source code can be used to run unauthorized software on a victim's machine, and could be used by criminals in Web-based computer attacks, security experts say. The public example of the attack code allows attackers to litter a victim's desktop with executable files, an attack known as 'carpet bombing.' In combination with bugs in Windows and Internet Explorer, attackers can run unauthorized software on a victim's computer."

Who uses safari for windows and IE?

[wattrlz]

Personally I think the bigger issue is that Safari will auto-download, auto-mark-safe, and auto-run files silently. IE's broken too, but either one of the players involved could render this exploit moot. Let's see who responds first before stoning someone to death.

I still don't see why someone would be browsing around in safari and then open up IE. A regular user's likely to only use his favorite browser and a dev who needs to view the same site in multiple browsers would probably notice that there're a bunch of new .dll files all over the desktop.