AfterDawn: News

Apple patches Safari security vulnerabilities

Apple Inc. pushed out Safari 4.0.5 earlier this week to address a slew of security vulnerabilities that could be exploited by attackers. In total, Safari 4.0.5 fixes 16 known security vulnerabilities with the browser. The update is available for Mac and Windows.

Among the vulnerable Safari components are ColorSync, ImageIO and the WebKit engine, which were hit with critical code injection and information disclosure bugs. Unpatched Windows machines running the browser are more vulnerable than those running Mac software.



Apple's advisory on the update is available at: http://support.apple.com/kb/HT4070

Safari for Windows: https://www.afterdawn.com/software/network_software/web_browsers/safari_win.cfm

Safari for Mac OS X: https://www.afterdawn.com/software/alternative_platforms/mac_software/safari_mac.cfm

Written by: James Delahunty @ 14 Mar 2010 19:08

• Previous article

• Password cracking optimized for SSDs works '100 times faster'

• Next article

• Steve Jobs feels betrayed by Google?

• 1 comment

• ChappyTTV

  Gee...where are all the Apple bashers?
  
  If this were about IE or any MS code, there would be 500 MS bashers on the bandwagon by now.
  
  NO CODE IS SECURE!
  
  If Mac had 90% market share, they would be the modern day MS, same with any Nix flavor, it's all a matter of numbers. While I don't agree with some of MS's business practices, it is impossible to write secure code..period. How can an engineer secure a hole they don't know even exists? All holes are found after code is released, so there is no way to know what is going to be exploited beforehand. All any engineer can do is work to close such holes when found as fast as possible, and learn from it. The real good ones will try to extrapolate where else a new exploit may be modified to use against other areas of the code, and work to close those too.
  
  And those who post these blobs of infinite wisdom like "MS wouldn't know secure code if it bit them in the ass", just show their lack of knowledge about coding and security.
  
  (I've been a coder, reverse engineer, and recognized security expert since before DOS)
  

  20.3.2010 19:47 #1