ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Apple fixes 12 Safari security flaws

By | November 13, 2008, 2:22pm PST

Summary: Apple has release Safari 3.2 to fix at least a dozen security flaws, some very serious. The update, available for Windows XP, Windows Vista and Mac OS X (Tiger and Leopard), address vulnerabilities that could be exploited to take full control of a compromised machine. Some of the more serious flaws: CVE-2008-1767: A heap buffer overflow issue [...]

Apple plugs critical Safari holesApple has release Safari 3.2 to fix at least a dozen security flaws, some very serious.

The update, available for Windows XP, Windows Vista and Mac OS X (Tiger and Leopard), address vulnerabilities that could be exploited to take full control of a compromised machine.

Some of the more serious flaws:

CVE-2008-1767: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via
http://xmlsoft.org/XSLT/.

CVE-2008-3623: A heap buffer overflow exists in CoreGraphics’ handling of color spaces. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution.

CVE-2008-2327: Multiple uninitialized memory access issues exist in libTIFF’s handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.

CVE-2008-2332: A memory corruption issue exits in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.

CVE-2008-3642: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution.

Three of the 12 issues were found and fixed in WebKit, the open-source Web browser engine.

Safari 3.2 should be treated as an “highly critical” update.  End users should apply this patch immediately.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Apple Safari, Apple Inc., Arbitrary Code Execution, Buffer-overflow, TIFF, Application Termination, Security, Viruses And Worms, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
47
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Apple fixes 12 Safari security flaws
lovedong Updated - 12th Sep
Looking forward to seeing more from you chanel bags
View in thread
0 Votes
+ -
Apple engineers are an odd bunch
NonZealot 13th Nov 2008
Apple zealots praise Apple because Apple releases a patch as soon as it is ready instead of waiting until they can bundle it up in a package that is more convenient to end users. What I find interesting about Apple engineers is that they seem to do no bug fixing at all and then in 1 day, fix 12 flaws. Or, in the case of previous OS X patches, they will sometimes fix 40 flaws all at once!! I just wonder why they wait so long before these "coding sprints"? Couldn't they have fixed one of these Safari flaws last week and released it, then another early this week and released it, then another today and released it? Why wait until Thursday to do all of your coding at once? Like I said, if Apple zealots are right about Apple releasing patches as soon as they are ready, then Apple engineers are a very odd bunch.
0 Votes
+ -
LOL! nt
ye 13th Nov 2008
.
0 Votes
+ -
NZ
Win3.1 13th Nov 2008
NZ, do you use a search macro to find every Apple Computer
story? For a company you seem to strongly dislike it seems to
rule your life.
0 Votes
+ -
It's a PR game
eMJayy 13th Nov 2008
If they went ahead and fixed each problem one at a time, their flaws would garner more attention in the press and their software superiority claims would suffer a major hit.
0 Votes
+ -
I think you are partially right but from experience.
xuniL_z 14th Nov 2008
Apple flaws, no matter how many are fixed, are up for part of one day...all of one day at the most on the home page.


The media is Apple friendly, they have no worries.


If Vista has 5 patches on patch Tuesday, you can count on seeing 12 different spins on it and a sidbar story until the next patch tuesday.



If I were Jobs and looked at my own download site and realized that most of them are patch fixes, very very large ones in many cases, i would be embarrassed to be Steve Jobs.


But he knows between his loyal legions, the Apple friendly press and daily lies in advertising, they can have the most bandaid covered OS in the land and they'll never pay a penalty for it in the consumer's eyes.


At least, not any who are paying attention.
0 Votes
+ -
why?
doh123 13th Nov 2008
why do you twist things... that has never been the argument.

The argument is when a patch, such as this one, is ready to deploy, Apple releases it... yes it might fix multiple vulnerabilities, and some might have been fixed a week ago, but they were still finalizing that patch. The argument is where MS will have a patch finalized, identical to what they are going to release, then wait 2 or 3 weeks to release it because it just wasn't the right time of the month.

its about releasing patches, not about fixing individual vulnerabilities.
0 Votes
+ -
What on EARTH are you talking about?
NonZealot 13th Nov 2008
The argument is where MS will have a patch finalized, identical to what they are going to release, then wait 2 or 3 weeks to release it because it just wasn't the right time of the month.

What??? Are you serious?!? How on earth do you know that MS sits idly on a patch for 2-3 weeks before releasing it? How do you know they aren't testing and fixing right up until the last day? Well, hopefully not fixing on the last day but certainly testing! You state in your post: (Apple vulnerabilities) might have been fixed a week ago, but they were still finalizing that patch. Of course that is the case yet it seems incomprehensible to you that MS might actually schedule bug fixes and "finalizing of the patch" so that the package is ready to go by the second Tuesday of the month and not much before it? In fact, considering MS does use a predictable schedule, it probably makes things so much easier for everyone on the project team since they know exactly how long they have for coding and how long they have for testing.

The only difference I see is that Apple decides a patch is "finalized" based on some algorithm that only Apple knows about. It isn't schedule based. It isn't # of fixes based. MS has simply formalized their schedule. Having actually been a part of one (or two wink ) software projects, we would schedule patches to be released every month but I assure you we wouldn't just code for the first week and take the next 3 weeks off! We got as much stuff done as we possibly could before bundling it and releasing it on the predetermined schedule. If you checked the date on the DLLs, it might appear that we "sat on them for a week" but that is only because you don't make any changes right before release. Everything needs to be tested and if there are any showstoppers in the testing, you don't fix them and release on schedule, you scrap the whole release or you scrap that one fix. You never code right up until the release date but that hardly means your testing department isn't doing anything. And while testing is doing their stuff, we would be working on next month's patch. And I'm only talking about a small project compared to Windows!

If you have proof that the Windows team codes for a few days, tests for a few days, and then sits on the finalized patch until Tuesday, I suggest you give it to us now. Otherwise, I'll have to remind you that only you can stop the spread of FUD.
0 Votes
+ -
In fact, here is a perfect example
NonZealot Updated - 13th Nov 2008
Fix removed one day before Patch Tuesday.

This tells us that no, MS is not sitting around waiting for patch Tuesday. They are testing right up until the last minute and in this case, decided the day before that the fix wasn't quite right. Your point has now been utterly and completely destroyed. Thanks for playing!
0 Votes
+ -
ditto
richvball44 13th Nov 2008
I'll have to remind you that only you can stop the spread of FUD.
0 Votes
+ -
Hmm. Microsoft sat on this one...
msalzberg 13th Nov 2008
for seven years.
http://blogs.zdnet.com/security/?p=2165

Thank you for playing.
0 Votes
+ -
Hmm, you must have missed the talkbacks on that one!
NonZealot Updated - 13th Nov 2008
Microsoft neutered the vulnerability with NTLMv2 3 years before the vulnerability was discovered and have closed the hole before NTLMv2 was cracked. Read the talkbacks, you might learn something.

Oh, and thank you for playing! happy
0 Votes
+ -
You truly believe that...
msalzberg 14th Nov 2008
an organization that can write an OS from the ground up
in a couple of years really had that much trouble
fixing a bug?

And if it had been 'neutered,' why has an exploit for the
bug "been part of the Metasploit hacking tool since July
2007?"

Usually when something's neutered, the vital parts don't
grow back. So, I guess it wasn't neutered, after all. Just a
bug that sat there for 7 years.
0 Votes
+ -
Poor msalzberg, you were really hoping to win this one
NonZealot 14th Nov 2008
And if it had been 'neutered,' why has an exploit for the bug "been part of the Metasploit hacking tool since July 2007?"

One of the big differences between you and me is that I actually research the things I talk about. Had you actually read the talkbacks, you would have come across a link that stated that the exploit required the target to be using NTLM. NTLMv2, which came out 10 years ago (3 years before the vulnerability was discovered in NTLM), neutered the exploit. So while the exploit has been a part of the Metasploit hacking tool for a while, it could only be used against someone who used a protocol that had been replaced 10 years ago.

You complaining about this would be like saying there has been a bug in Apache for 13 years because you can use password sniffers on those who configure it to use clear text usernames and passwords. Don't use clear text usernames and passwords with Apache and those "exploits" are neutered even though the vulnerability still exists.

Sorry msalzberg, you are truly fighting a losing battle here and judging from the talkbacks in the article you linked to, most people understand this one for what it is: a desperate attempt by the anti-MS crowd to justify their choice of competing OS, all the more ironic since those same people are the ones who yell MONOPOLY every chance they get. happy
0 Votes
+ -
@NonZealot: The problem with your argument is NTLM is still available.
ye 14th Nov 2008
Despite being replaced with more secure protocols NTLM is still available.

So while the exploit has been a part of the Metasploit hacking tool for a while, it could only be used against someone who used a protocol that had been replaced 10 years ago.

That depends on what you mean by replaced. Windows itself moved off of NTLM authentication years ago. However, in a default configuration, NTLM is still enabled and therefore can still be exploited.
0 Votes
+ -
@ye...
msalzberg 14th Nov 2008
Please don't confuse the Zealot with facts; at least not those
that he hasn't made up himself.
0 Votes
+ -
GUYS!
de-void-21165590650301806002836337787023 14th Nov 2008
There are known flaws that have remained for many decades in most major internet protocols: DNS, FTP, SMTP, etc. Do you suggest that because of this they should be removed wholesale from every OS that supports them?

Of course not. MS has a responsibility to continue to support customers' needs. They've not removed SMB 1.x support because some customers (for reasons fo their own) continue to operate systems that they built more than 10 years ago.

If you're working in a more enlightened environment that has kept (even moderately) up to date, however, you won't have any SMB v1 in your network and so you won't be affected.
0 Votes
+ -
@de-void: Where do you guys keep coming up with this?
ye Updated - 14th Nov 2008
There are known flaws that have remained for many decades in most major internet protocols: DNS, FTP, SMTP, etc. Do you suggest that because of this they should be removed wholesale from every OS that supports them?

I don't believe I've ever said they should be removed. Yet you're the second person to reach this conclusion. Why?
0 Votes
+ -
@msalzberg: Then prove that I'm wrong
NonZealot 14th Nov 2008
Please don't confuse the Zealot with facts; at least not those that he hasn't made up himself.

If I've made up the fact that those using a 10 year old protocol (NTLMv2) are immune to this exploit then prove it. You keep claiming that I make up facts yet you can't ever disprove any of the stuff I say. That either makes me right or an absolutely brilliant liar. happy
0 Votes
+ -
@ye: default is NTLMv2
NonZealot 14th Nov 2008
The default configuration is to use NTLMv2 but to accept NTLM if that is all the client can handle (and you have to go back 8 years to find a Windows client that didn't come with out-of-the-box NTLMv2 support. It is a simple checkbox setting to refuse NTLM credentials.

The way the man in the middle attack works is that a compromised machine can intercept the NTLM hashes and the hacker can then crack them later on to figure out the username and password. The exploit had nothing to do with forcing machines to use NTLM or using an "NTLM" port (no such thing exists). In its default state, all Windows communication between clients built within the last 8 years would be using NTLMv2. The fact that they could accept NTLM authentication from Win95 in no way helps a hacker if there is no such Win95 client on the network and even if there was, you could only hope to steal the username and password from a user using that one machine.

Again, back to the Apache analogy. The fact that Apache could accept cleartext usernames and passwords does not help a hacker if no one uses it.
0 Votes
+ -
@NonZealot: The default used by Windows is irrelevent.
ye Updated - 14th Nov 2008
What is relevent is the protocol used by the malware writer. If I were a malware author interested in compromising a Windows system with this vulnerability I would write it to use NTLM and bypass Windows completely.

BTW the default has been kerberos since Windows 2000.
0 Votes
+ -
@ye: I understand the distinction now
NonZealot 14th Nov 2008
Default is to negotiate so an active attacker could claim not to understand NTLMv2 and the target will gracefully drop down to NTLM, providing the attacker with weak hashes that could then be cracked. This is why the fix (one setting at the domain level) is to refuse to negotiate. The only reason not to do this would be if you still had pre-NT SP4 or Win9X machines without NTLMv2 support.

So to recap:
1. The attacker needs admin access to the target machine.
2. The attack cannot be initiated from outside the network since no one (should) open port 139 to the Internet.
3. Unless you have very old machines on your network, disable NTLM negotiation and you've neutralized the vulnerability.
4. Apply the patch that was just released. happy

The fact that this exploit has not gained much traction suggests that the first 3 factors above basically made the exploit far more difficult to use than practical.

Thanks ye, I appreciated having a discussion with someone intelligent enough to respond with something better than a personal attack. happy
0 Votes
+ -
you helped...
doh123 14th Nov 2008
you helped prove my point...

MS does patches on a time schedule.. set for a release at a certain time... they could finish a patch and get it out in 3 days.. but why.. schedule it out and get it out in 2 weeks when its patch time instead of doing it faster...

whereas a lot of other companies work on a patch and get it done and out when its done, instead of working towards some set day.
0 Votes
+ -
You are confusing a fix with a patch
NonZealot 14th Nov 2008
A patch is a collection of fixes. Apple does not release fixes as soon as they are "done", they do exactly what MS does: choose a set of fixes, bundle them in a patch, do a bunch of testing, and then release. A patch from Apple will contain fixes that were probably code complete weeks earlier. If that wasn't the case, it leads to the ridiculous conclusion that I posted in my original post: Apple engineers are an odd bunch who code all of their fixes at once. happy

I don't believe that either Apple or Microsoft "sit" on a patch although both would include fixes that were code complete long before the patch is released.

whereas a lot of other companies work on a patch and get it done and out when its done, instead of working towards some set day.

So when was this patch from Apple "done". Why did they include the fixes they included? If they had dropped the last fix they finished, they could have released this patch a few days earlier. Had they dropped the last fix before that, they could have released this patch a week earlier. This patch is an arbitrary collection of fixes that happened to have been finished around the time Apple felt like releasing a patch. In fact, if Apple has any project management competency at all, the release date of this patch was chosen weeks ago. It almost certainly was not released as soon as the first fix was "done". The only (competent) organization that work this way is the open source community and even then, only if you are building your stuff straight from the source code repositories. If you are using a distro, you are getting patches with fixes in them that were "complete" days or weeks earlier.
0 Votes
+ -
One more thing: look at Apple's patch schedule
NonZealot 14th Nov 2008
The funny thing is that MS probably releases patches quicker than Apple. Apple will sometimes go more than a month without releasing a patch, Microsoft never will. Now, if you honestly believe that this is because Apple had not fixed any bugs in that month, I have a bridge to sell you. happy
0 Votes
+ -
Manageability
de-void-21165590650301806002836337787023 14th Nov 2008
Microsoft used to release patches individually, but it turned out to be a major headache for most enterprises that coordinate patches of their internal machines because they have to test each patch (or set of patches) with their internal LOB apps. Testing a large suite of LOB apps against many hundred patches at random times is a lot more costly and difficult than testing your LOB apps on a recognized schedule.

However, there are always exceptions to the rule and if a vulnerability is suddenly exploited in the wild, then MS does generally release a high-priority fix as soon as it's been tested.

This happened just 2 weeks ago - you may have seen your machine reboot.
0 Votes
+ -
Really....
ShadowGIATL 13th Nov 2008
"its about releasing patches, not about fixing individual vulnerabilities."

But... isn't fixing the vulnerabliities by whatever means the point?

MS releases patches on a weekly, sometimes daily basis these days. It took Apple how long to patch these? Apple has been notoriously slow at patching period. No wonder the *nix world is glad that Apple claims they rebuilt the OS from the ground up and it's not really "*nix" anymore.

I'm sorry, but anyone that believes Apple is concerned more about its customers then its bottom line obviously hasn't compared its patch release cycle and its profit margins. Profit margins padded by offering the same Intel based hardware and the same "free" and "open source" based OS as other companies do yet charge more.

But wait... they have style! They are white and grey. Because they are whiteand grey... they are obvious style trend setters. Ummm... weren't PC's white, until peope decided white turned yellow and was hard to clean?

Seriously. Nothing against Apple. I'd use them if they didn't cause the user to become an instant "my system is better then yours" Mac fanboy. Is there some kinda clause in the purchase of a Mac that you can no longer conversate with people without adding but Mac just does it better into every conversation?

Might would help if they really did. But they are just another PC company. They compete just like everyone else. Well... like everyone else with 3% marketshare.
0 Votes
+ -
You'd have to be a complete idiot to think Apple...
ye 14th Nov 2008
...fixes 40 vulnerabilities all at the same time.
0 Votes
+ -
you...
doh123 14th Nov 2008
you have to be a complete idiot to also think I even said that.
0 Votes
+ -
But that's exactly what you're saying:
ye 14th Nov 2008
"The argument is when a patch, such as this one, is ready to deploy, Apple releases it..."

The only difference is Apple bundles up 40 vulnerabilities into a single patch whereas Microsoft tends to release multiple patches covering far fewer vulnerabilities per patch. This will be the focus of your spin.
0 Votes
+ -
Which is exactly what they did....
ariesghost 17th Nov 2008
Less than 45 days ago..... Sat on a bunch of fixes and launched them in one super patch.... Thanks for playing... Apple fanboy fails like a fat kid at weight watchers.
0 Votes
+ -
perhaps
richvball44 13th Nov 2008
when they uncover one they find others? and in doing so they fix them and then release
0 Votes
+ -
So they don't release the fix for the first one right away?
NonZealot 13th Nov 2008
Thanks, that's all I needed you to admit. happy
0 Votes
+ -
As the old adage says ...
Laraine Anne Barker 17th Nov 2008
it takes one to know one.
0 Votes
+ -
you show your ignorance or your zealotry
Dave Mount 18th Nov 2008
if you understood the bug-fixing, patch-coding process,
you might have saved yourself some embarrassment: it
makes no sense to release individual patches or fixes if
those issues are interlinked... Are you an engineer of ANY
kind, or just spend your time emailing on this site to
provoke controversy?
Engineers of professional status KNOW that when you fix
one system or subsystem, it invariably effects other
subsystems, so it is important, sometimes essential and
less embarrassing, to fix all the known issues at once, test
the fix, re-address the shortcomings of the fix, test again
and continue on this cycle until the best solution is
achieved. Then you release the complete fix.

The alternative is to fix one problem, (maybe even test it, if
you're an engineer with a conscience), release that. Then
work on the next one, test, and release it... Hopefully, the
release of the second fix won't adversely affect the patch
of the first...

Another reason has to do with efficient use of the
engineering team, but some people are so arrogant that
they'd never work in a team, or work as a team member...

Finally, is your understanding of a quality process so
limited that you don't consider that testing is an important
part of the complete cycle? Every professional engineer
knows that Plan, Test, Assess is a cycle that is critical to
producing a quality product. This doesn't always happen in
8 hours... not even at Microsoft!
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
lovedong Updated - 12th Sep
Looking forward to seeing more from you chanel bags
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
cypherpunk@... 13th Nov 2008
What about iPhone? It's a bit dumb releasing patches for only some of the platforms that use Safari - makes it easy for the bad guys to reverse-engineer the fix, and create exploits that target the still-vulnerable platforms.

Automatic updates for iPhone would be nice... (Why should I wait for new firmware to get these fixes?)
0 Votes
+ -
Too primitive approach!
no nonsense 16th Nov 2008
To fix a dozen bugs, do they have re-install Safari? It looks like 1980s!
0 Votes
+ -
Google Chrome vs Firefox - A Video Review
pcwizkid.tech.talk@... 16th Nov 2008
tired of the default OS web browser such as IE or Safari?

Well take a look at Google's web browser "Chrome" ans see how it stacks up to Firefox 3.x

Watch the video review here:
http://pcwizkid.blogspot.com/2008/09/google-chrome.html

Cheers
PCWizKid
0 Votes
+ -
Say it is not so!!
Baer 17th Nov 2008
That can not be!! Apple never has security flaws! Apple need no patches. Tell me this is not so! The Mac guy on TV says it can not happen!!
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
gennx30 Updated - 17th Nov 2008
hmmmm....yet we NEVER seem get any confirmable
reports of anyone actually catching one of these
"flaws/malware/virus's" on their Macs-that is, in the real
world-in the wild.
I havent heard of a single ANYTHING infecting ones Mac,
(save rumors of one-MAYBE two) -non critical, if true-for
TEN YEARS -
I dont use Snortin' Security, etc, am on the web all the time-
and visit 'questionable' sites from time to time.

Another cheerful irony-with Mac able to install and use
Windows now for 2 years, there have been no reports ive seen of
intrusions , malware, etc into the Windows partition; Hah!

These 'flaws' must not have been very pressing for Apple to wait
2 months to release a patch.
These are all theoretical flaws designed in the lab as POSSIBLE-
if someone were going to hack a Mac, on a large scale, not in a
lab, they surely would have done so by now.
Again scanning many of the major Mac forums and BBs
Have not heard a word of an ACTUAL virus, trojan, etc ever;
Proof of that is looking at the annual Secunica index of viruses,
malware at the end of each year.
Usually (1) one page for Mac, all inert ie: never reported out in
the real world-just theoretical lab created/tested-no harm done

Sadly, maybe 20 pages for Windows, with dozens of actual
damage causing nasties out causing havoc.

Once a year I may install a Security app to scan JUST IN
CASE I might have missed something- and always come up with a
ZERO. waste of time.

Halariously, from time to time, to reverse severely sagging Mac
sales numbers, Norton will announce in a DEFCON 4 tone of
panic- that the virus "Wash287-B" has been discovered out there-
it could blow up your Mac!" BUY NOW! (NortonAV of course)
Yet we never hear of it on peoples machines.
To misquote Bill Clinton:(?)
"ITS THE MACS UNIX FOUNDATION, STUPID!"
0 Votes
+ -
LOL
rtk 17th Nov 2008
"Another cheerful irony-with Mac able to install and use Windows now for 2 years, there have been no reports ive seen of intrusions , malware, etc into the Windows partition; Hah!"

This is hilarious. Do you believe the inactive OS X partition is somehow protecting the running Windows partition? Or maybe it's the commodity hardware it's running on? The shiny case?

That single paragraph showcased your complete lack of systems knowledge, but the absolute power of the RDF is obvious.
0 Votes
+ -
Facts, please
frabjous 18th Nov 2008
The statement was that gennx30 had seen no reports of
"intrusions, malware, etc into the Windows partition" on
Mac systems running Windows. That was reporting a
factual experience, not a belief.

rtk, if you can give us links to any such reports, please
provide them--but I haven't seen any, either, to my
genuine surprise.

If you can't, please quit the juvenile "shiny case" sarcasm
and take time to read posts before erroneously responding.
0 Votes
+ -
Reality, please.
rtk Updated - 18th Nov 2008
gennx30 clearly implied that the Apple mac computer was somehow protecting Windows from "intrusions, malware, etc". Sure, it was anecdotal, but the implication was clear.

What links am i supposed to be providing? That Mac hardware somehow hardens whatever operating system is installed? If so, I can't... because it's utter nonsense.

That's not to say I wouldn't love to see either yourself or gennx30 provide a source for this claim outside of an anecdote.
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
trm1945 17th Nov 2008
Software and cars are the same thing: Just when they
decide they'll never get it right and get the bugs out, they
bring out a new and improved version. Then the whole
process starts all over again with a new set of yet to be
discovered problems. Every new version promises to be
the version to end all versions: Vista, Windows 7, OSX
10.1 .2 .3 .4 .5 and on and on. Pay and ***** because
without bitching there aint no fun at all.
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
jsully@... 18th Nov 2008
I downloaded the Safari update, now Safari quits unexpectedly and is useless.I now use Firefox.
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
Snarfiorix 18th Nov 2008
Yawn...
0 Votes
+ -
RE: Apple fixes 12 Safari security flaws
birumut Updated - 5th May 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix