Apple updates Safari browser, busts 13 bugs
'Wow, Apple has to be careful,' researcher says
The new Safari, which Apple proclaimed is "the world's fastest Web browser for Mac and Windows PCs," fixed 10 flaws afflicting both the Mac and Windows editions, and three that affect Safari for Windows XP and Windows Vista. The majority of the 13 vulnerabilities were cross-site scripting bugs.
"Wow, Apple has to be careful," said Andrew Storms, director of security operations at nCircle Network Security Inc. "Safari may not have any more bugs -- and fixes -- than IE and Firefox, but unleashing a giant package like this is going to create worry among users.
"When you release a dot-release version and its comes with a mother lode of vulnerabilities, that can bring down the favorable relationship that Apple has with its users," Storms said.
Only one of the patched bugs carried Apple's most dire warning -- that the flaw could result in "arbitrary code execution." Unlike competitors such as Microsoft Corp., Apple does not use a rating system to note the seriousness of individual vulnerabilities. Most vendors, however, rank flaws that let attackers execute malicious code as "high" or "extremely high."
Nine of the vulnerabilities -- eight on Mac OS X -- were classified by Apple as cross-site scripting flaws, which are often used by phishers and other identity thieves, but in some cases can be used to plant malware -- a Trojan horse, perhaps -- on a machine.
It's easy to dismiss cross-site scripting bugs, warned Storms, but doing so misses the big picture. "We've come to learn that cross-site scripting vulnerabilities are not the worst of the possible scenarios. But you have to understand where researchers are coming from. They're concentrating on cross-site scripting vulnerabilities, as well as other client-side [bugs]. It's all browsers these days."
The updated browser can be downloaded from Apple's Web site in versions for Mac OS X 10.4 (Tiger), Mac OS X 10.5 (Leopard), Windows XP and Windows Vista.
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts