PDA

View Full Version : Safari Beta For Windows Security Update



MacRumors
Dec 19, 2007, 03:58 PM
http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com)

Apple has posted a security update for Safari Beta for Windows 3.0.4, the details of which are posted here (http://docs.info.apple.com/article.html?artnum=307178).

WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy. (This issue is addressed for Mac OS X in Security Update 2007-009.)

Apple released Safari Beta for Windows 3.0.4 (http://www.macrumors.com/2007/11/15/safari-3-0-4-beta-for-windows/) in November.

Article Link (http://www.macrumors.com/2007/12/19/safari-beta-for-windows-security-update/)


TheSpecialist
Dec 19, 2007, 05:05 PM
Ah I was just 5 minutes to late posting this:( Well ok I'm happy there's yet another update!
clevin
Dec 19, 2007, 05:19 PM
unbelievable. consider this type of security problem was fixed in other browsers back in 2005. You wonder if apple is capable of making secure browser for today's windows system.
Butthead
Dec 19, 2007, 05:47 PM
unbelievable. consider this type of security problem was fixed in other browsers back in 2005. You wonder if apple is capable of making secure browser for today's windows system.

As noted above in the OP (parenthesis) same security vulnerability existed for Safari 3.0 on OSX, so they issued the fix for both Windows & MacOSX 10.4&10.5 on the same date- Dec.17, a month after both platforms of the latest versions of Safari were released. Seems like a pretty fast closure of a vulnerability on both platforms to me?

Doesn't appear Apple was favoring Safari for MacOSX in this instance.
clevin
Dec 19, 2007, 06:15 PM
1. a month for a security patch, maybe you thinkits fast. but firefox normally patch them in less than 2 weeks.

2. the real problem is not actually how fast it get fixed. rather. why a browser released in 2007 still has well-known security holes of 2005? does that mean apple has no knowledge of security risks appeared in the past two year? that's a lot of them!
Eraserhead
Dec 20, 2007, 09:40 AM
1. a month for a security patch, maybe you thinkits fast. but firefox normally patch them in less than 2 weeks.

I agree, serious security hosts are normally fixed very quickly in Firefox.
mikeinternet
Dec 21, 2007, 12:19 AM
'hackers' are like 'the terrorists' the fear is way worse than any actual threat.

i've never really though about security and never had a problem. i think it's all made up.