Security Market Segment LS
Wednesday, 08 September 2010 10:01

Security update for Safari leads Apple updates

By

Updates to Apple's Safari browser address a trio of security issues, one specific to Windows, as well as delivering compatibility improvements. The iWeb web page creation program has also been updated.


Apple has released version 5.0.2 of its Safari browser, removing three security vulnerabilities and addressing compatibility issues.

One of the vulnerabilities is specific to Windows. In previous versions of Safari, attempting to reveal the location of a downloaded file could lead to the execution of an application contained in the same directory. This occurred because Safari did not specify the full search path to Windows Explorer.

The other two issues apply to the Mac OS X and Windows versions of Safari.

Inadequate validation of floating-point values in WebKit (the engine that underpins Safari) could allow a malicious website to trigger a crash or execute arbitrary code.

A bug in the handling of elements with run-in styling (a CSS feature) could result in a crash or execution of arbitrary code.

Other changes to Safari, the iWeb update and a new version of TechTool Deluxe for AppleCare subscribers are described on page 2.




Another security-related change sees encrypted and authenticated connections to the Safari Extensions Gallery. Extensions were a new feature in Safari 5, providing developers with an Apple-sanctioned way of changing Safari's behaviour. The new connection method will make it harder to trick users into visiting sites that spoof the Gallery to install potentially malicious extensions that have not been vetted by Apple.

Safari 5.0.2 also fixes issues that could prevent users from submitting web forms and that could cause web content to display incorrectly when viewing a Google Image result with Flash 10.1 installed.

For users of older versions of Mac OS X that can't run Safari 5, Apple has also updated Safari 4 to version 4.1.2 with the floating-point fix.

Apple also delivered a minor update to iWeb, the web page creation program in the iLife suite. All the company is saying is that "This update addresses issues when publishing to MobileMe and other minor issues."

The updates can be installed by using Software Update (Apple Software Update on Windows) or by downloading the installers via Apple's Support Downloads page.

In related news, Apple last weekend released a new version of the TechTool Deluxe utility for systems covered by an AppleCare Protection Plan. The software is available for download via this support page.

 


BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments