resource center
  See your link here
|
Computerworld - Apple Inc. today patched 13 vulnerabilities in Safari with an update that takes the browser to Version 3.1. (Read Computerworld's review of the new browser.)
The new Safari, which Apple proclaimed is "the world's fastest Web browser for Mac and Windows PCs," fixed 10 flaws afflicting both the Mac and Windows editions, and three that affect Safari for Windows XP and Windows Vista. The majority of the 13 vulnerabilities were cross-site scripting bugs.
"Wow, Apple has to be careful," said Andrew Storms, director of security operations at nCircle Network Security Inc. "Safari may not have any more bugs -- and fixes -- than IE and Firefox, but unleashing a giant package like this is going to create worry among users.
"When you release a dot-release version and its comes with a mother lode of vulnerabilities, that can bring down the favorable relationship that Apple has with its users," Storms said.
Only one of the patched bugs carried Apple's most dire warning -- that the flaw could result in "arbitrary code execution." Unlike competitors such as Microsoft Corp., Apple does not use a rating system to note the seriousness of individual vulnerabilities. Most vendors, however, rank flaws that let attackers execute malicious code as "high" or "extremely high."
Nine of the vulnerabilities -- eight on Mac OS X -- were classified by Apple as cross-site scripting flaws, which are often used by phishers and other identity thieves, but in some cases can be used to plant malware -- a Trojan horse, perhaps -- on a machine.
It's easy to dismiss cross-site scripting bugs, warned Storms, but doing so misses the big picture. "We've come to learn that cross-site scripting vulnerabilities are not the worst of the possible scenarios. But you have to understand where researchers are coming from. They're concentrating on cross-site scripting vulnerabilities, as well as other client-side [bugs]. It's all browsers these days."
Apple spelled out the details of the 13 bugs in a security advisory that accompanied the Safari 3.1 update.
The updated browser can be downloaded from Apple's Web site in versions for Mac OS X 10.4 (Tiger), Mac OS X 10.5 (Leopard), Windows XP and Windows Vista.
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
