All Browsers Vulnerable As Holiday Season Continues



SecurityProNews
Staff Writer
2008-12-18



It's been a rough week for browser security. If you've heard of a particular internet browser, chances are patches were issued for it. Spikes in exploits are likely associated with increased holiday shopping.


It used to be that one did not hear about security flaws in browsers rivaling Internet Explorer, but this past week Firefox, Opera, and Safari all got patched as well, leaving only Google's Chrome as the safer alternative after Microsoft released yet another critical update to IE.

Firefox patched four critical flaws in version 2.0 and three in version 3.0, most of them involving cross-site scripting vulnerabilities. Opera issued an update as well, addressing various flaws allowing the execution of arbitrary code.

Apple's Safari was hit with "cross-site cooking," a vulnerability that could allow websites to set cookies for country-specific domains (co.uk, co.au), allowing hackers to "perform a session fixation attack and hijack a user's HTTP session." Also added to Apple's to-fix list was CVE-2008-4234, an incomplete blacklist in the Quarantine feature of Mac OS X 10.5, allowing attackers to circumvent the "potentially unsafe" warning message.

As usual, Microsoft has been hit hardest by attacks. After a record-breaking Patch Tuesday last week, two critical zero-day exploits have arisen in addition to a second security advisory for Microsoft Word. Document attacks seem to be all the rage lately (see Adobe's recent PDF woes), and the latest zero-day exploit uses the "people trust document files" strategy.

Microsoft rushed out Bulletin MS08-078 late yesterday, affecting IE 5.01 through IE 7 and plugging holes that allow remote code execution. McAfee's Rahul Mohandas says this exploit has been used for a popular new drive-by attack using document files.

"Malware authors have been coming up with innovative mechanisms to leverage this exploit to social engineer the not so tech-savvy internet users. One of the most prominent and unique techniques adopted by the malware authors involves a Microsoft Word document being sent out to an unsuspecting user."

So what's a security-concerned Web-surfer to do? First, make sure whichever browser you use or prefer has its booster shots. Second, it might be a good idea to switch to Chrome until the holidays are over.

"…it has security issues as well, but the design philosophy is good (run every tab in a separate security zone), and since it contains relatively few extras other than browsing and managing bookmarks, there is less code to check for security problems," writes the author of Securityandthe.net.



About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
