From Network World:

A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers.

The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victim’s machine, and could be used by criminals in Web-based computer attacks, security experts say.

Now that there is a public example of the attack code, Safari users running the Windows operating system should be concerned, said Eric Schultze, chief technical officer at Shavlik Technologies. “This is a bad thing. If you’ve got Safari, you’re in trouble,” he said.

The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim’s desktop with executable files, an attack known as “carpet bombing.”

Two weeks later, security researcher Aviv Raff said that if this flaw is exploited in combination with bugs in Windows and Internet Explorer, attackers can run unauthorized software on a victim’s computer.

Read on.

Article Link