Safari gets a tune-up

 

Apple has issued an update for the Windows version of its Safari web browser..

In addition to minor stability fixes, the update addresses four security vulnerabilities in the browser that range in severity from information disclosure to the ability to remotely execute malicious code.

The company is advising all Windows users to install the update, which can be obtained through Apple's software update service or by visiting the company's download site. The update does not affect Mac users.

The most notable of the four security fixes is the so-called 'carpet bomb' condition disclosed by Microsoft earlier this month. That flaw could potentially allow malware that is within a web site designated by Internet Explorer as a trusted site to run without iser input.

Apple said that it solved the problem by removing Safari's ability to automatically launch downloaded files. The company also added an option to the browser's preferences to require user authorization before starting any download.

The download prompt was also part of another fix. Apple used the feature to address a flaw in which files saved directly to the Windows desktop could be automatically launched and potentially used to infect users.

The update changes the default download location to a special folder, rather than directly to the Windows desktop.

Other fixes include a patch for a remote code execution vulnerability in Javascript handling, as well as a vulnerability in which a specially crafted .bmp or .gif could be used to retrieve memory contents and possibly obtain sensitive user data.

Copyright ©v3.co.uk


Tags
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3069

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 976

Vote