iTWire - Safari 3.x remains vulnerable: time to upgrade to 4.0?

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Safari 3.x remains vulnerable: time to upgrade to 4.0?

Safari 3.x remains vulnerable: time to upgrade to 4.0?

E-mail

by Stephen Withers
Wednesday, 10 June 2009
At least two of the security flaws addressed in the release version of Safari 4.0 can be used to attack Safari 3.x. Proofs of concept are in circulation. Featured Whitepaper 5 Best Practices for Smartphone Support When we reported on the security fixes delivered in Safari 4.0, we noted that it wasn't clear whether they all related to the 4.0 beta or if any could also be found in Safari 3.x. We asked Apple for clarification, and have yet to receive a reply beyond a statement that Safari 4.0 "is the full update that replaces the previous beta version of Safari 4.0 and any previous editions of Safari." But if one security researcher is correct, at least two of the addressed vulnerabilities can be found in Safari 3.x for Mac OS X and Windows. According to Google employee Chris Evans, Safari's XML processing can be fooled into delivering the contents of a local file. Not nice. "XXE [Xml eXternal Entity] attacks are most common server-side; this advisory notes a client-side attack against the Safari browser," observes Evans, who has provided a proof of concept for this vulnerability. He also notes that a second XML flaw allows cross-domain access with the potential to steal sensitive information. For this vulnerability, Evans' proof of concept shows how it can be used to steal inbox details from a logged-in Gmail session. According to Evans' descriptions of the issues, both problems were "found on Google's time" and originally reported to Apple in June 2008. Barring the prompt arrival of a Safari 3.x update from Apple, this suggests that if you can upgrade to Safari 4.0 then you probably should. Tags See All Tags Apple Browser Browsers Gmail Google Safari Security Stephen Withers Vulnerability XML Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking