More Safari for Windows security holes patched
Summary: Apple has refreshed its new Safari for Windows browser to patch a pair of vulnerabilities that could cause spoofing and HTTP redirection attacks.
This is the second batch of updates shipped for the beta browser since Apple's heavily hyped release of its flagship browser to the Windows ecosystem.
Both vulnerabilities affect Windows XP and Windows Vista users while one patch is available for Safari on the Mac OS X.
Details on the latest patches:
CVE-2007-2398 -- In Safari Beta 3.0.1 for Windows, a timing issue allows a Web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered.
CVE-2007-2400 -- Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This issue affects Mac OS X users.
Apple also released a patch for WebCore to correct an HTTP injection issue in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks, Apple said. This affects Mac OS X, Windows XP and Windows Vista.
A fourth fix, in WebKit, corrects a potential code execution issue affecting Mac OS X, Windows XP and Windows Vista users. This could be exploited by luring users to a maliciously crafted Web site.
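The class of flaw described for WebCore, caller-supplied header text reaching the serialized request unchecked, can be shown with an added example (not Apple's code, and not from the original article). The article does not give the exact mechanism, so the CR/LF handling, the function names and the sample header are assumptions made for illustration.

```javascript
// Added example: all names and sample values here are constructed.

// RFC 7230 "token": the only characters allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Characters that must never appear in a field value: CR, LF, NUL.
const FORBIDDEN_VALUE = /[\r\n\0]/;

// Naive serializer: concatenates caller-supplied text straight into the
// request head, so an embedded CRLF starts a new header line.
function serializeNaive(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// Hardened serializer: validates every name and value before writing.
function serializeStrict(method, path, headers) {
  if (!TOKEN.test(method)) throw new TypeError("invalid method");
  if (/[\s\0]/.test(path)) throw new TypeError("invalid request target");
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (FORBIDDEN_VALUE.test(value)) {
      throw new TypeError(`invalid value for ${name}`);
    }
    out += `${name}: ${value.trim()}\r\n`;
  }
  return out + "\r\n";
}

// Count the header lines actually present on the wire, i.e. the lines
// between the request line and the terminating blank line.
function headerLineCount(raw) {
  const head = raw.split("\r\n\r\n")[0];
  return head.split("\r\n").length - 1;
}

// Constructed input: one header whose value carries an embedded CRLF.
const sample = [["X-Note", "hello\r\nX-Injected: 1"]];
```

With the naive serializer the single supplied header becomes two header lines on the wire; the strict one rejects the same input before anything is written.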
Talkback
Beware of all Apple software
Have a nice time
Yeah, good thing this is a beta software...
Which is it?
http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=35225&messageID=649593&start=-9981
or
"I made the decision not to install any Apple software"
One of the signs of true zealotry is the amazing ability to change fact to fit the ideology (q.v. The Downing Street Memo).
Still can't keep your story straight, Z-man.
Mac Fan
So don't install any Beta software on your main computer, that is only common
sense.
Duh.
Well at least you don't have to worry about EXPLOITS:P
You made the right choice, for someone whose alphabet stops at BETA (NT)
It's not the browser...
Yeah... that explains the patch that was issued for OS X
I think you are correct...
"one patch is available for Safari on the Mac OS X"
...OS X is swiss cheese.
That is probably the...
Then you are easily fooled. (nt)
Oh Really!
Anyone who has beta-tested knows...
While I usually cringe at the "security by denial" apple crowd and try to avoid the total MS support wagon, this is after all a beta and will have issues. The telling point is whether they are fixed during the beta or wait until after RTM to fix. Hopefully they will all be found during the beta but I somehow doubt it - it is designed by humans and is therefore subject to flaws, just like all software.
Putting the Apple moniker on it does not confer any special status. Nor does putting Microsoft's on its products automatically condemn it.
Good point Milly
Love that last statement Milly......actually all your words
Well maybe not the security by denial one at least for me that is. But still it was a
good post.
Now here is my question to the likes of NonZ and Xunil...everyone including they
argue like Apple is MS's equal (which on some level I enjoy) but when you think
about it Apple has so much less than MS in terms of well MONEY and that means a
lot when one talks about programmers and other resources. What I would like on
some level is a little bit of credit for Apple to even be in the running with MS.
When you look at the resources that MS has it is well amazing is it not that Apple
is here with OSX, the Macintosh, iPod, Safari, iTunes, Apple TV and now the iPhone
is it not?
Where is the begrudging admiration for a valiant foe?
Pagan jim
Why do I need to post admiration?
When you have someone like Steve Jobs at the helm, there is little about the company I admire. Do I like their products? They are okay. Do I use their products? I have an iBook I am about to eBay. Good or bad experience? Not particularly bad but not nearly good enough to make me an "adder" (as opposed to switcher).
There really are 10 kinds of people in the world, those who like Apple and those who like Microsoft. Everyone else is in denial <gd&r>
Jobs is beside the point I was making...
other and therefore can afford more programmers and researchers and testers et al.
I would think the much smaller company would get at least some credit for not
only keeping pace but sometimes winning an occasional skirmish...ie iPod for
instance.
Is Steve Jobs that offensive to people...don't get it myself I don't particularly
worship him but I hardly think he's more or less offensive than many a CEO I've
seen over the years including Ballmer and Gates. Plus a host of others in this
industry and others. How does Jobs stand out to you anyway? What has he
done that offends you so much? I mean above and beyond so many others?
Pagan jim
I do give Apple credit for hanging in there
As for what I dislike about SJ is his whole snippish, sniping, whining behavior, besides the bold-faced lies he promotes through his advertisements.
Anyone whose opening remarks can be counted on to be a shot across Microsoft's bow does nothing to represent his company, rather it promotes them as an also ran who has to run down the big guy in order to justify whatever he is talking about. Not a very good strategy and one not taught at the Toastmasters.
I know that he resents Microsoft and their success, however he needs to restrain himself from showing that resentment every time he opens his mouth.
Is there more to Safari on Windows than iphone sync ability?
I'm not sure how much QT or iTunes has been able to manage this, so why would there be any expectations with Safari. Quite honestly, with Apple's history of writing poor code for Windows, I would expect to see an opposite effect and if anything this will help drive Vista growth.
I don't know about that....seems the iPod and iTunes for
Still I think there is a fair chance the refresh of the iMac will be a larger screen
HD TV ability with the ability to snap off the stand and hang on the wall if one
chooses. So the iMac will be a computer and HD entertainment center that ties
nicely into the whole Apple TV/iPhone/iPod/iTunes and Safari mix. Since the iMac
will be able to run either Windows or OSX well there you have it a complete circle
for Windows or OSX users or both!!!!
Pagan jim