Alert Number: 060208-01
Alert Date: 06/02/08
Alert Title: *UNPATCHED* Safari-Windows vulnerability
Update-to: None.
OS/Platform/Application:
Apple Safari version 3.x on all versions of Microsoft Windows
Category: ALERT
Severity: HIGH
Attention: Safari on Windows Users, System Administrators, Desktop Support Personnel.
Summary: Multiple Internet security resources are currently reporting a 'blended' security vulnerability/threat condition on Microsoft Windows computers that use Apple's Safari web browser. If a user visits a maliciously-crafted website* using the Safari browser, malicious software programs could be automatically downloaded onto a vulnerable computer without the consent of its user. At the time of this writing (10:30 AM 6/2/08), no patch has been made available from Apple or Microsoft to address this blended threat condition, and no active exploitation of this vulnerability on the Internet has been reported.
*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.
Recommended Actions: Microsoft Windows users are strongly encouraged to NOT use Safari as their primary web browser until a patch for this vulnerability has been issued by the vendor(s). Safari on Windows users are also encouraged to read the security advisory information (safe links provided below) for more information on the nature of this blended threat.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Microsoft Technet Blog Entry:
http://blogs.technet.com/msrc/archive/2008/05/30/security-advisory-953818-posted.aspx
Microsoft Security Advisory:
http://www.microsoft.com/technet/security/advisory/953818.mspx
Network World Article on blended condition and impact for Windows users:
http://www.networkworld.com/news/2008/060108-safari-flaw-worse-than-first.html
Secunia Advisory:
http://secunia.com/advisories/30467/