Business IT - Technology for your business


Safari 4.0: security fixes galore!


Safari 4.0 delivers a laundry list of security fixes. Many of them are Windows-specific, but that still leaves plenty that also apply to Mac OS X.

Apple has disclosed 48 security fixes in Safari 4.0, 11 of them specific to Windows.

Let's get the problems peculiar to the Windows implementation out of the way first.

Issues include temporary files being created in insecure locations while downloading; the possibility of arbitrary code execution triggered by malicious web pages containing graphics, embedded fonts, or PDF files; cross-site scripting attacks taking advantage of Unicode handling; failing to remove cookies after private browsing; failing to immediately remove website passwords from memory when resetting Safari; and running Safari for the first time with elevated permissions.

Some of these issues were previously addressed by updates to Mac OS X.

Cross-platform flaws are similarly varied.

Certain image files may be misidentified as HTML, allowing the possibility that embedded JavaScript will be executed without prompting the user for permission to proceed.

The libxml2 library has been updated to avoid multiple vulnerabilities, at least one of which can lead to arbitrary code execution.

Please read on for more issues fixed in Safari 4.0 - and a problem that's not mentioned.


