Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Apple patches Safari beta browser a second time

It also released a Mac-only security update for older versions of the browser

June 22, 2007 12:00 PM ET

Computerworld - Apple Inc. today issued security updates to patch four vulnerabilities in Mac OS X and the Safari beta, marking the second time in eight days that the company has had to fix its newest browser, which runs on both Mac and Windows XP and Vista machines.

The 2007-006 update for Mac OS X 10.3, "Panther" and 10.4 "Tiger," fixes a pair of problems in Safari -- the production-quality versions bundled with the operating system -- including a memory corruption vulnerability that could end with an attacker in control of the Mac. "Visiting a maliciously crafted Web page may lead to an unexpected application termination or arbitrary code execution," Apple said in its alert.

The second bug, and to Apple, the less serious of the two, is a cross-site scripting flaw (XSS) in Safari that could be used by phishing sites to steal usernames and passwords.

Apple today also updated the Safari beta, first released June 11, to version 3.0.2 for both Mac and Windows. Mac Safari 3.0.2 patches another XSS bug, while the Windows edition fixes that, plus a separate vulnerability that could let an attacker disguise the browser's address bar, perhaps as part of a spoofed site meant to trick users into divulging confidential information, such as bank account passwords.

For Mac users, 2007-006 and the Safari update are mutually exclusive. If a Mac user has installed Safari Beta 3, only the Safari update will be offered; users who haven't bothered to try out the beta will see only the standard Mac OS X update. Windows users can update Safari to 3.0.2 by downloading the new version from Apple's site, or by running the optional Apple Software Update utility.

The just-patched Safari bugs were credited to a team at Adobe Systems Inc., as well as to researchers at Westnet, an Australian Internet service provider, and Westpoint Ltd., a U.K.-based security company. None were accredited to Dave Maynor, one of several researchers who dug up vulnerabilities within a few hours of Safari 3.0's launch last week. Maynor, who said he had found half-a-dozen bugs straight away, refuses to disclose his findings to Apple, part of a year-long feud that goes back to a wireless hack demo Maynor and another researcher gave at last August's Black Hat security conference.

"Due to the cries of 'it doesn't count, it's beta,' we are waiting to release any further information till the browser is released in a final state," Maynor said in an e-mail earlier this week.

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

Apple

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs