Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL
 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Safari vulnerable to remote file-stealing attack
Our Blogs Core Dump Safari vulnerable to remote file-stealing attack | Safari vulnerable to remote file-stealing attack |
|
| by Stephen Withers | |
| Tuesday, 13 January 2009 | |
|
Page 2 of 2 Windows users should simply use a different browser, Mastenbrook suggests.Featured Whitepaper
5 Best Practices for Smartphone Support
His record includes spotting a way of triggering an Applescript with a specially-crafted Help: URL (Security Update 2008-002), and suggesting improvements to the list of quarantined file types (Mac OS X 10.5.3 and 10.5.4, and Security Update 2008-003 and 2008-004), The public disclosure of vulnerabilities before a fix has been released by the vendor concerned is a contentious issue. One school of thought says that the responsible thing to do is keep completely quiet until the vendor has issued an update to take care of the issue. Another holds that if one person can find a particular flaw, so can another. Therefore unless a fix is released promptly by the vendor, the right thing to do is alert users to the problem and provide a workaround so they at least have the opportunity to protect themselves. Mastenbrook gave no indication of when he alerted Apple to this vulnerability. |
Tags
| < Next story in category | Previous story in the category > |
|---|
