Apple dismisses Safari vulnerability
Safari users are at risk of littering their desktops with malicious software because the browser does not ask for user permission when downloading files in the way that Firefox and Internet Explorer do, a security researcher said Thursday.
In a blog post titled "Safari Carpet Bomb," Nitesh Dhanjani describes how a rogue Web site can easily download resources to the Windows desktop or downloads directory on the Mac.
"Apple does not feel this is an issue they want to tackle at this time," he writes.
An Apple representative told Dhanjani that an "enhancement request" for an "Ask me before downloading anything" preference would be filed with the Safari team. "Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," the Apple representative wrote in an e-mail to Dhanjani.