Security Bytes

Jun 9 2010   2:25PM GMT

More patches, this time from Apple

Billy Hurley

On the same day that Microsoft issued 10 security bulletins covering 34 vulnerabilities, Apple released a flood of patches for its Safari browser, including Safari 4 (Mac OS X 10.4), Safari 5 (Mac OS X 10.6) and Safari 5 for Windows.

Most of the vulnerabilities, 44 out of the 48, in fact, impact WebKit, the open source Web browser engine used by Safari.

The WebKit patches address many possible attack vectors, including the ability to execute code, carry out cross-site scripting attacks or disclose information by visiting a maliciously crafted website or dragging/pasting links or images from one site to another.

Updates also addressed a heap buffer overflow vulnerability in ColorSync, Apple’s color management API. Opening an attacker-modified image with an embedded ColorSync profile could potentially lead to an unexpected application termination or arbitrary code execution.

Two updates addressed vulnerabilities in the Safari browser, flaws that could lead to similar results if an attacker uses a corrupted website.

To assist users looking to authenticate to a server, Safari supports the inclusion of user information in URLs, which specify a user name and password and could potentially aid phishing attacks. A final Safari update allows the browser to display a warning before a user is navigated or redirected to an HTTP or HTTPS URL containing user information.
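The kind of check described above, sketched as an added example (not Apple's code): it flags each hop of a navigation whose HTTP or HTTPS URL carries user information and reports the host the request really goes to. It relies on the standard WHATWG `URL` parser; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: flag HTTP(S) URLs that carry user information (user:pass@host).
const WEB_SCHEMES = new Set(["http:", "https:"]);

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Inspect one URL; return null when no warning is needed.
function userinfoWarning(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not an absolute URL, nothing to navigate to
  }
  if (!WEB_SCHEMES.has(url.protocol)) return null;
  if (url.username === "" && url.password === "") return null;

  // Percent-decode the user name for display so encoded dots
  // cannot hide what the text before the "@" really says.
  const shown = safeDecode(url.username);
  return {
    url: rawUrl,
    realHost: url.host, // where the request actually goes
    userinfo: shown,
    hasPassword: url.password !== "",
    // A user name shaped like a host name is the phishing-prone case.
    looksLikeHost: /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(shown),
  };
}

// The warning applies to redirects too, so check every hop.
function checkNavigation(hops) {
  return hops.map(userinfoWarning).filter((w) => w !== null);
}

// Constructed sample: a clicked link followed by redirects.
const sampleHops = [
  "https://news.example/article?id=7",
  "http://www.bank.example@203.0.113.7/login",
  "https://alice:s3cret@intranet.example/files",
  "ftp://anonymous@files.example/pub", // not HTTP(S), out of scope
];

for (const w of checkNavigation(sampleHops)) {
  console.log(`warn: "${w.userinfo}" is user info; request goes to ${w.realHost}`);
}
```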

Safari 5 for Windows and Mac launched on Monday.

Learn more about the Safari patches.
