17 Apr 2008
Apple has patched four security vulnerabilities in Safari affecting the Mac OS X and Windows versions of the web browser.
The vulnerabilities range from cross-site scripting to remote code execution.
For Windows XP and Vista users, the update addresses four flaws. Two of the vulnerabilities, a memory overflow error in the browser itself and a buffer overflow in the JavaScript component, could be exploited by an attacker to remotely install and execute malware on a target system.
Another flaw in the browser could allow for a URL to be displayed without the page itself being loaded. Apple warned that this could be exploited by an attacker to spoof legitimate sites by displaying normal URLs with forged web pages.
The fourth vulnerability is a flaw in the browser's WebKit component. An attacker could use a malformed URL to exploit the vulnerability and perform a cross-site scripting attack.
Mac users will receive updates for just two of the four flaws. Apple patched the JavaScript remote code execution flaw as well as the cross-site scripting vulnerability in the OS X version of the Safari patch.
Users can download the Safari update through Apple's Software Update application or from the company's Safari download site.
Safari is pushed onto users
Isn't it illegal to push a software install onto a user's PC/MAC without informing them? Safari Browser is being pushed onto anybody with the iTunes or Quicktime media player and the Apple Auto updater program. You'll suddenly find that you have a browser on your machine with holes like these within a week of the launch. Updating applications should do just that. Update existing software and NOT install new software. That's like the saying, 'new and improved', which is it? New (nothing has preceded it) or improved (updated from a previous product)?
Posted by: Matthew 17 Apr 2008
When was the patch released
I did a check for updates today. It says I have the latest Opera. I went to Apple's Safari page. I clicked on download and it gives you 3.11. I have Safari 9.27.
Posted by: LadyCash 17 Apr 2008