Safari "carpet bombing" - A Security Issue
Last week Nitesh and Billy Rios found a vulnerability in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a users desktop if you're using Safari on Windows. The ability to drop a file on your desktop in and of is a security vulerability and bit scary for every day normal users.
Infact, Apple is not considering this as a security vulnerability. I read in ComputerWorld article that StopBadware.org, a group founded by Google Inc., Lenovo Group Ltd. and Sun Microsystems Inc., on Monday asked Apple to reconsider its refusal to address the flaw as a security problem.
Apple claims that user should enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.
Now, i can understand clearly while Apple is not considering this vulnerability as Security issue:)
All i can suggest is if you are using Safari on Windows then Don't!