Should Apple's Safari for Windows be Blamed for "Blended Threat" Described in Microsoft Security Advisory 953818?
Microsoft used some vague wording in the advisory: "Suggested Actions" are "Restrict use of Safari as a web browser ...".
It sounds as if it's a flaw rooted in Safari. But, what exactly is the role Safari playing in this "blended threat"? Answer is, Safari for Windows puts downloads to Desktop by default without a dialog box(such as the "File Download" dialog box in IE). Well, this is in fact a quite reasonable and convenient feature - downloading and saving requested file to user's Desktop by default. This feature itself does not constitute a mistake. What really makes the "blended threat" is some problem in loading program library files(DLL) by Windows Internet Explorer(and probably others), technical details is here.
It sounds as if it's a flaw rooted in Safari. But, what exactly is the role Safari playing in this "blended threat"? Answer is, Safari for Windows puts downloads to Desktop by default without a dialog box(such as the "File Download" dialog box in IE). Well, this is in fact a quite reasonable and convenient feature - downloading and saving requested file to user's Desktop by default. This feature itself does not constitute a mistake. What really makes the "blended threat" is some problem in loading program library files(DLL) by Windows Internet Explorer(and probably others), technical details is here.