WatchGuard Wire
Improve Your Security IQ
Apple Safari exposes a jungle of security flaws to Windows and Mac users
10 June, 2010 -- A few days ago, Apple released Safari 5.0
and 4.1 to fix almost 50 security vulnerabilities in their web browser.
The flaws affect both the Mac and Windows versions of Safari.
According to Apple's advisory, a huge portion of the flaws lie within
Safari's WebKit component, which essentially does all the heavy lifting
pertaining to rendering and displaying web pages.
There's really no point in going over all 50-some of these
vulnerabilities in technical detail. Once you know the impact of the
worst of these flaws, you'll want to upgrade.
In short, if an attacker can lure you to a malicious website (or a
legitimate site referencing some malicious HTML code), she can exploit
a significant portion of these vulnerabilities to execute code on your
computer, with your privileges. Since most Windows users have local
administrative rights, attackers could often leverage these flaws to
gain complete control of Windows PCs. OS X, on the other hand, has a
stronger separation between your basic user privileges and the
administrative privileges needed to make any major changes. Attackers
targeting Mac computers will not gain full root privileges. However,
attackers can still do a lot of damage with basic user privileges.
If you have a Mac, you have Safari, so I recommend upgrading it whether
it's your default browser or not. I suspect few Windows users actually
use Safari, but if you're one of the few who do, you should update.
Hopefully, Apple's automatic update software has already tried to get
you to do this. If not, you'll find links to patches below:
-- Corey Nachreiner, CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.