Apple Issues Safari Security Update

 
 
By Brian Prince  |  Posted 2010-11-18
 
 
 
 
 
 
 

Apple fixed 27 vulnerabilities in Safari for Mac OS X and Windows today.

All of the vulnerabilities exist in the open-source WebKit engine. In addition, nearly all of them can be exploited to execute code remotely on Macs or Windows PCs.

Among the vulnerabilities is Safari's use of a "predictable algorithm" to generate random numbers for JavaScript applications. This may allow a Website to track a particular Safari session without using cookies, hidden form elements, IP addresses or other techniques, Apple warned. The update addresses the issue by using a stronger random number generator.

Several of the vulnerabilities can be exploited through drive-by attacks on malicious sites, Apple noted in the advisory. For example, an integer overflow exists in WebKit's handling of Text objects and could be exploited via a maliciously crafted Website to cause an application crash or permit code execution. The issue was fixed through improved bounds checking, Apple said.

More information about the update can be found here.

 
 
 
 