
Apple Releases New Safari Version to Fix 48 Security Holes

Apple has released a new version of its Safari browser with patches for 48 security vulnerabilities, mainly in the open-source WebKit. Most of these vulnerabilities leave a PC open to compromise by malware dropped onto the system through drive-by-download attacks encountered while visiting a malware-laden webpage.

ColorSync (CVE-2009-1726), one of the patches, addresses a heap buffer overflow in the handling of images with an embedded ColorSync profile. Opening a malicious image with an embedded ColorSync profile may cause sudden termination of an application or execution of arbitrary code.

Safari allows user information to be included in URLs, so that a URL can specify a username and password to authenticate the user to the named server. These URLs are frequently used to deceive users, potentially facilitating phishing attacks. This vulnerability, Safari (CVE-2010-1384), has also been fixed.
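A defender-side check for the URL form described above, as an added example that is not part of the original article or Apple's fix. The function names, the host-name heuristic and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Userinfo that itself reads like a host name ("www.bank.example") is the
# deceptive case: the reader sees a familiar name before the "@", while the
# browser connects to whatever follows it. Heuristic chosen for this example.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?(?:/.*)?$", re.I)

def inspect_url(url):
    """Describe the userinfo part of `url`; return None if it has none."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed authority, e.g. broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https", "ftp"):
        return None
    if parts.username is None and parts.password is None:
        return None             # an "@" in the path or query is not userinfo
    user = unquote(parts.username or "")   # decode %2F etc. as a reader sees it
    return {
        "real_host": parts.hostname,       # where the request actually goes
        "userinfo": user,
        "has_password": parts.password is not None,
        "looks_like_host": bool(HOSTLIKE.match(user)),
    }

def deceptive_urls(urls):
    """Return (url, real_host) for URLs whose userinfo resembles a host name."""
    hits = []
    for u in urls:
        info = inspect_url(u)
        if info and info["looks_like_host"]:
            hits.append((u, info["real_host"]))
    return hits

# Constructed sample input (reserved documentation names and addresses only).
SAMPLE = [
    "http://www.bank.example@203.0.113.7/login",        # host-like userinfo
    "http://www.bank.example%2Flogin@evil.example/",    # encoded "/" in userinfo
    "https://alice:s3cret@intranet.example/",           # ordinary credentials
    "https://www.example.org/contact@team",             # "@" in path only
]

if __name__ == "__main__":
    for url, host in deceptive_urls(SAMPLE):
        print(f"suspicious: {url} -> connects to {host}")
```

Run over mail bodies or proxy logs, this separates ordinary embedded credentials from userinfo crafted to look like a trusted site.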

Along with the above-mentioned patches, Apple has also released two other updates, Safari (CVE-2010-1385) and Safari (CVE-2010-1750).

Besides these, 44 security holes in WebKit have also been fixed. These could potentially facilitate various compromises and attacks, including exposure due to dragging or pasting images or links; inadvertent actions on other websites caused by interaction with a malware-laden webpage; cross-site scripting (XSS) attacks; data being directed to an IRC server as a result of visiting a malicious site; leakage of data when visiting an HTTPS website that sends to a vulnerable HTTP website; and a number of arbitrary code execution flaws triggered by visiting a malware-serving site.

Just like Apple, Microsoft also released 10 security bulletins on June 8, 2010, addressing 34 security holes in one of its largest Patch Tuesdays so far. Adobe also noted that it would release a patch for a critical vulnerability in its Acrobat and Reader by the end of June 2010, though the patch for the hole in its Flash Player would be released earlier. Until the patches are released, Adobe recommends that its users rename or remove access to the autoplay.dll file that comes with Acrobat 9.x and Adobe Reader.

» SPAMfighter News - 17-06-2010