Apple Fixes Safari "Carpet Bomb" Windows Vulnerability

Titoxd writes "Apple has released a new version of Safari that fixes the carpet bomb vulnerability in Safari 3.1 for Windows. This comes in the heels of Microsoft recommending against using Safari in Windows, as well as the release of code exploiting this vulnerability."

Re:But did they fix the real bug?

[tokul]

Did they fix the bug where Safari installs as an iTunes update?

New (released more than one month ago) Apple Software Update has two sections. One for updates and other for new software. When Safari was introduced, Software Update had only one section.

Yes, the flaw is in IE.

[argent]

Microsoft's library path ALWAYS goes through the current directory. For some obscure reason that IE icon on the Desktop, the one that isn't a shortcut but is actually something special Microsoft added back in 1997 to make it harder to remove IE, runs IE on the Desktop instead of in the IE install directory, the way it would if it was a shortcut.

It's all a side effect of Microsoft's shenanigans when they tried to use browser-desktop integration to make an end-run around their agreement with the US DoJ. That they've convinced people that the big news is a bug in Safari that makes it slightly easier to take advantage of this problem is, well, bizarre.

And now you know the rest of the story.