After I heard that Apple had already fixed the carpet bomb vulnerability in Safari 3.1.2, I tried to continue using Safari on my Mac OS. However, I discovered that the problem seems to remain, so I switched to Windows to see whether it was solved on Windows only. That's true: the carpet bomb is patched in Safari 3.1.2, but only in the Windows version. I don't understand why Apple would only partially fix the problem. Although the issue may not be as serious as on Windows, the problem still exists!
When I was trying to verify whether this bug had been fixed, I discovered that by default the status bar is hidden in Safari. This is not a vulnerability, but I think it is sometimes a very useful tool for avoiding phishing, because when you move your cursor over a hyperlink, the status bar shows the destination of the link without you clicking it. Take the following as an example. More than a month ago, there was a spam mail going around the Internet. The content of the mail is captured as follows.
All the links and the content of the mail look fine, but the Download link points to a trojan! At this point, a careful user would use the status bar to examine the links before actually clicking on them. Or sometimes you use it naturally without noticing.
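As an added example (not from the original post), the script below does for a mail what the status bar does for the reader: it lists where each link actually goes and flags links whose visible text names a different domain than the href. The mail HTML and the domains in it are constructed for the example.

```javascript
// Added example, not from the original post. Extracts every <a> from a
// snippet of mail HTML and reports the destination the status bar would
// show on hover. A link is flagged when its visible text looks like a
// URL/domain but the href really goes to a different (base) domain.
// Uses only Node's built-in URL class; the sample mail is constructed.

function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch (e) {
    return null; // relative or malformed href: nothing to compare
  }
}

// "www.example.com" -> "example.com", so www. vs. bare host is not flagged.
function baseDomain(host) {
  return host === null ? null : host.split('.').slice(-2).join('.');
}

// Returns [{ text, href, host, suspicious }] for each anchor in the HTML.
function auditLinks(html) {
  const anchorRe = /<a\s+[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const results = [];
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const href = m[1];
    const text = m[2].replace(/<[^>]+>/g, '').trim(); // strip nested tags
    const host = hostOf(href);
    // If the visible text itself reads like a domain or URL, the user
    // expects to land there; compare it with where the href really goes.
    const looksLikeDomain = /^[a-z0-9.-]+\.[a-z]{2,}(\/|$)/i.test(text);
    const textHost = hostOf(/^https?:\/\//i.test(text) ? text : `http://${text}`);
    const suspicious = looksLikeDomain && host !== null &&
      baseDomain(textHost) !== baseDomain(host);
    results.push({ text, href, host, suspicious });
  }
  return results;
}

// Constructed sample mail: the third link shows one domain but points elsewhere.
const SAMPLE_MAIL = `
<p>Your account statement is ready.</p>
<a href="https://www.example.com/">www.example.com</a>
<a href="https://mail.example.com/help">Help Center</a>
<a href="http://updates.example.net/setup.exe">www.example.com/download</a>
`;

for (const r of auditLinks(SAMPLE_MAIL)) {
  console.log(`${r.suspicious ? 'SUSPICIOUS' : 'ok        '} "${r.text}" -> ${r.href}`);
}
```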
Since Google Chrome uses the same core as Safari, I have just checked whether Chrome also has this issue. The status bar in Google Chrome is basically "hidden", but when it is needed, it shows up. What I mean is that Chrome shows the link destination when you move the cursor over it.
I am still looking forward to seeing Apple fix the carpet bomb in the Mac version of Safari. At the moment, there is no reason for me to use it.
Filed under: browser, spam, apple, carpet bomb, safari

Nice one. They need to learn how to develop secure software.
They didn't get hacked because it wasn't popular before. Now that's not the case, and I guess more and more bad news will be coming out.
I know I should change my signature. My work signature. Haha.
Man… there's a hell of a lot of things I wanna dig into.