Tuesday, March 13, 2012

Apple patches a record 83 bugs in Safari browser

Apple has released a massive security update to its Safari web browser. It patches a number of flaws, with a whopping 90% of them leaving a critical component open to attack. 

The newest version of the browser, Safari 5.1.4, tackled 83 security glitches in the browser, 72 of which of existed in WebKit, which is the rendering engine of browsers such as Chrome, Safari, Safari on iOS, Chrome on Android, and Androids native browser which Chrome for Android is taking over.

What kind of flaws? The WebKit vulnerabilities could allow an attacker to carry out several attacks, including cross-site scripting, memory corruption and HTTP authentication credential theft, on a target's unpatched system by luring them to a maliciously crafted website.

Most of these flaws were found in last weeks Pwn2Own hacking contest by Sergey Glazunov, a researcher who also won $60,000 for finding a bug in Google Chrome. The Pwn2Own hacking contest is a event where hackers try to exploit flaws in a given product. In this case, web browsers. To be fair, all browsers were ran on fully patched versions of Windows 7.

On March 7th, there was also a major update to Safari, this time on the iOS platform. Apple pushed out updates to address 81 security bugs in iOS version 5.1

Apple also patched a Safari bug that enabled the recording of private Web browsing.

If you would like to get Safari, it is available for Mac OS X, and Windows XP and up. Go here to go to Safari's homepage. 

No comments:

Post a Comment

Note: This is Blogger's comment system. This system is a backup for when Disqus can't be reached by your computer, such as when your network blocks connections to disqus.com. The comment policy still applies regardless.