Safari 7.0 on Mavericks - unrequested file download

[Renko31]

Hi

Just made a troubling discovery using Safari.

Visiting certain pages on digital spy.co.uk is automatically downloading a flash file for an advert - BLUEWATER_VIDEOAD_30s_inbanner.flv.
I didn't click on the advert link, it automatically happens when opening a page with this advert on it.
This despite having Flash turned off for this site in Preferences.

I am sure it is an innocuous file, but isn't this incredibly insecure?

 

[wrldwzrd89]

Hi

Just made a troubling discovery using Safari.

Visiting certain pages on digital spy.co.uk is automatically downloading a flash file for an advert - BLUEWATER_VIDEOAD_30s_inbanner.flv.
I didn't click on the advert link, it automatically happens when opening a page with this advert on it.
This despite having Flash turned off for this site in Preferences.

I am sure it is an innocuous file, but isn't this incredibly insecure?

Yes. That concerns me too - that's the kind of vector the bad guys use - a so-called drive-by download.

 

[tyr2]

I would suspect it is because the advertising provider isn't providing the correct 'mime type' for the object. I.e. it is not telling the browser that it is a flash file, but rather something else. Is there a specific page it is happening on?