15 Jun 2007
Apple has released an update to the beta of its Safari 3 browser for Windows that repairs three vulnerabilities.
Two of the repaired flaws could allow an attacker to take control of a system. A third exposes the user to a cross-site scripting vulnerability that could lead to disclosure of confidential information.
Security researchers took just hours to find the first security holes after Apple released a beta of the browser on Monday. Researchers have reported a total of seven security vulnerabilities.
One of the repaired vulnerabilities was discovered by Thor Larholm, although Apple did not credit the researcher.
"Given that Apple has a lousy track record with security on OS X, and a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted at this new Windows browser," he wrote when he disclosed his vulnerability in a blog posting on Tuesday.
In another posting on Thursday, Larholm claimed that the update is still ignoring several weak spots in the browser that allow him to crack the security again with a few tweaks to his original exploit.
Safari 3 is currently in beta, making it unlikely that people are using the software as their primary browser. This will limit the risk that attackers will target the vulnerabilities.
Breaking with the way the company traditionally discloses security flaws, Apple did not post details of the update on its security updates site but disclosed them in an email to a mailing list.
Apple is breaking with common procedures in other areas too. The update to the application is listed as version 3.01, but it is uncommon to change version numbers of software when in the testing phase.
Ever heard of the term "beta"?
Come on, it's a BETA version of the final product, so there are bound to be a few remaining problems with it. That's the whole POINT of releasing beta versions...to identify and therefore repair errors. And yet people act surprised when they actually find a flaw. SHOCK HORROR! I would have been surprised if it had been perfect, really, since - and I repeat - IT IS ONLY A BETA VERSION! Reviewers are intended to be neutral analysts of these matters, yet this Thor Larholm seems predisposed to object to this software, purely for the fact that it was produced by Apple. Not doing his job very well, is he?
Posted by: Rob Williams 15 Jun 2007