ARN

Apple updates Safari browser, busts 13 bugs

'Wow, Apple has to be careful,' researcher says
Gregg Keizer (Computerworld)  19 March, 2008 08:07:18

Apple Tuesday patched 13 vulnerabilities in Safari with an update that takes the browser to version 3.1.

The new Safari, which Apple also proclaimed "the world's fastest Web browser for Mac and Windows PCs," fixed the same 10 flaws in the Mac and Windows editions, and three more in Safari for Windows XP and Windows Vista. The majority of the 13 vulnerabilities were cross-site scripting bugs.

"Wow, Apple has to be careful," said Andrew Storms, director of security operations at nCircle Network Security. "Safari may not have any more bugs, and fixes, than IE and Firefox, but unleashing a giant package like this is going to create worry among users.

"When you release a dot-release version and its comes with a mother lode of vulnerabilities, that can bring down the favorable relationship that Apple has with its users," Storms said.

Only one of the patched bugs carried Apple's most dire warning, that it could result in "arbitrary code execution." Unlike competitors such as Microsoft, Apple does not use a rating system to note the seriousness of individual vulnerabilities. Most vendors, however, rank flaws that let attackers execute malicious code as "high" or "extremely high."

Nine of the vulnerabilities -- eight on Mac OS X -- were classified by Apple as cross-site scripting flaws, which are often used by phishers and other identity thieves, but in some cases can be used to plant malware -- a Trojan horse, perhaps -- on a machine.

It's easy to dismiss cross-site scripting bugs, warned Storms, but doing so misses the big picture. "We've come to learn that cross-site scripting vulnerabilities are not the worst of the possible scenarios. But you have to understand where researchers are coming from. They're concentrating on cross-site scripting vulnerabilities, as well as other client-side [bugs]. It's all browsers these days."

Apple spelled out the details of the 13 bugs in a security advisory that accompanied the Safari 3.1 update.

The updated browser can be downloaded in versions for Mac OS X 10.4 (Tiger), Mac OS X 10.5 (Leopard), Windows XP and Windows Vista from Apple's Web site.

Have your say!
Add to Google
ARN Directory | Distributors relevant to this article
Altech Computers , Aquion , ASI Solutions , Australasian PC Distributors (APCD) , Brightpoint Australia , Compucon Computers , Dicker Data , Digicor , Digital World Warehouse , EDsys Computers , Express Data , Express Online , Impact Systems Technology , Infortech Distribution , Ingram Micro Australia , itX , LDS International , Leader Computers , Leading Pacific Australia , NewLease , Simms International , Synnex Australia , Techhead Connect , Topstar Computer International , Unixpac , Westan , WhiteGold Solutions , XiT Distribution , Xpress I.T.
Newsletters
Sign up for our ARN newsletters!

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Enter the fully qualified URL, eg. http://www.example.com/
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Syndicate content
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
Jobs
ARN Community Comments
Most Commented
ARN Library


Read Material

Microsoft Anti-Piracy Infringement Alert

The Microsoft Anti-Piracy Newsletter outlines what Microsoft is doing to protect your business from Software Piracy and highlights recent legal action taken against those who infringe our copyright.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.