Information Security all in one place!

Safari: Closes Security Holes with version 5.1.4

Safari: Closes 80 Security Holes with version 5.1.4

Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes includes various stability and performance improvements as well as fixes for other non-security related bugs.

A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.

The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this though are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.

On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.

More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html

Advertisements

2 responses

  1. Pingback: iOS Safari: Address spoofing vulnerability « NetSecurityIT.com – NSIT

  2. Extremely good post. I actually just happened at your current blog plus wanted expressing which i need very loved studying your own website posts. Anyways I will often be following to the blog plus Hopefully you actually post again immediately.

    March 28, 2012 at 7:27 AM

Let's hear what you have to say.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s