Apple releases Safari 4.0 to counter security flaws

10 June 2009

Apple Computer has released version 4.0 of its increasingly popular Safari web browser for Windows and Mac OS X-based computers. The release counters the recent security flaws reported in CFNetwork, CoreGraphics, ImageIO, International Components for Unicode, libxml, Safari, Safari Windows Installer, and WebKit.

According to Apple, which Infosecurity notes is taking a refreshingly open approach to software security flaws, these browser vulnerabilities can allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

US-CERT appears to be sufficiently impressed with Apple's approach and development of the new Safari browser edition to post a security notice on its website, suggesting that users review Apple article HT3613 and upgrade to Safari 4.0 to help mitigate the security risks.

The security flaw in CFNetwork, for example, apparently allows downloaded image files to be misidentified as HTML, potentially leading to JavaScript execution without warning the user.

In CoreGraphics, meanwhile, Apple reports that visiting a maliciously crafted web site could lead to an unexpected application termination or arbitrary code execution.

The cause, Apple explains, is that CoreGraphics contains memory corruption issues in the processing of arguments.

On the Windows version of Safari, meanwhile, Apple says that the 'Reset Safari' option may not immediately remove website passwords from memory, so posing a potential security risk.

When users click the reset button for 'Reset saved names and passwords' in the 'Reset Safari' menu option, Apple admits that the browser can take up to 30 seconds to clear the passwords.

A user with access to the system in that time window may be able to access the stored credentials.

 
