Two years after fixing a security bug in the Windows version of its Safari browser, Apple has decided that Mac users can go without a fix. A security researcher developed what’s known as a “carpet bomb” attack in May 2008. Apple shipped a fix for Safari on Windows, but not for Mac OS X. Apple did not immediately respond to a request for comment on this story. Not everyone agrees that Dhanjani’s bug is not serious because there is no second bug that causes downloaded files to be executed.
Source: https://thehackernews.com/2010/11/two-years-later-apple-still-wont-fix.html