The first flaw is an error when downloading a zip file with an overly long filename that can be exploited to cause memory corruption.
In addition claims Secunia, another error occurs in the handling of Windows can be exploited to display arbitrary content while showing the URL of a trusted Web site in the address bar. This follows hot on the heels of the controversy about Apple pushing Safari onto Windows users’ desktops through the Apple Software Update for Apple’s iTunes music application.
And Mozilla CEO John Lilly has gone on record claiming Apple’s actions were “bordering on malware.” Lilly added, “What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that’s bad — not just for Apple, but for the security of the whole Web.”