Security Bytes

Jun 25 2007   8:33AM GMT

Apple fixes more Safari-Mac flaws

Leigha Leigha Cardwell Profile: Leigha

For the second time in as many weeks, Apple had to seal some security holes in Mac OS X and the new beta of its Safari Web browser. This time, the fixes are for a memory corruption flaw attackers could exploit to hijack a Mac, and a cross-site scripting flaw attackers could exploit via phishing sites to steal usernames and passwords.

The fixes come after vulnerability researchers jumped at the chance to find flaws in Safari for Windows the moment the beta was released. Apple has already issued a security update for some of the problems researchers uncovered.

Apple has come under increased scrutiny in recent months from vulnerability researchers unhappy with the company’s response when bugs are reported. Vulnerability researcher Aviv Raff recently told me that it’s always easier to make fixes when a program is still in beta and doubts Apple’s fast response is a sign that it is turning over a new leaf.

He said he didn’t report his recent Safari finds directly to Apple “because of my knowledge on how they treat security researchers.” A good example was the last security advisory, he said, adding, “There was no credit for any of us.”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: