Apple Plugs Holes In Leopard, Safari
David Utter, Staff Writer
2007-11-15
A massive 41 bugs needed attention from Apple engineers in a round of security fixes for Mac OS X Leopard and the Safari web browser.
In a month where one major operating system vendor dispensed two patches and another dealt out forty-one, an observer asked to determine which was Apple and which was Microsoft, without knowing in advance, might guess wrong.
Microsoft's minuscule two patches for November barely register when compared to Apple's huge jailbreak of fixes. The Apple security page for the latest round of OS updates covers products from AppleTalk to WebKit, the latter figuring in Safari's security.
The name AppleTalk evokes a quaint reminder of the time before TCP/IP became a networking standard. However, for organizations that have it turned on, a trio of locally exploitable buffer overflow conditions could allow arbitrary code execution if left unpatched.
Safari required updates to its browsing services to fend off potential attacks from malicious hackers. Its tabbed browsing feature could have caused people to unwittingly disclose their user credentials for a website.
Another problem, this time with malicious .download format files, may have led to Safari crashing, or to arbitrary code execution. Someone who downloaded a specially crafted file would have been exposed to this attack.
A number of WebCore and WebKit fixes addressed a series of problems that could have been exacerbated online. In one example, Safari's handling of JavaScript left it open to cross-site scripting attacks.
Apple's resurgence as a brand has not been accompanied by easier public visibility into the issues it corrects for its products. One can see the difference between Apple and Microsoft by visiting microsoft.com/security and apple.com/security.
The Microsoft URL goes directly to a page discussing computer security, with options for home users and security pros to look more closely at the issues that concern their software. At Apple, the URL noted above redirects to a list of security features in Mac OS X. Accurate, but not as helpful.
It may be that Apple believes an OS X user's concerns end at the feature list. Apple has always kept the icky stuff hidden away from the typical consumer. They shouldn't make it difficult for someone with a little more awareness of security issues to find details about updates as they are released. There's no harm in being informative.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.