Microsoft has issued a “Microsoft Security Advisory (953818), ‘Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform,'” that states:
Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.
At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customers needs.
Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.
Suggested Action: Restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.
Microsoft has tested the following workaround:
• Change the download location of content in Safari to a location other than ‘Desktop.’
• Launch Safari. Under the Edit menu select Preferences.
• At the option where it states Save Downloaded Files to: select a different location on the local drive.
MacDailyNews Note We have also tested a workaround (and it succeeds beyond your wildest dreams):
• Get a Mac.
Full advisory here.
[Thanks to MacDailyNews Reader “Bizarro Ballmer” for the heads up.]
MacDailyNews Take: This is like Typhoid Mary advising on food safety.