Apple releases update to Safari to close seven holesApple has delivered an update to its Safari web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. .Version 4.0.4, pushed out Wednesday, addresses seven vulnerabilities, including three in the WebKit, an engine that allows web browsers to render on web pages.One of those WebKit flaws could be exploited if an attacker is able to access a maliciously crafted FTP server (networking) FTP server - A network server program or computer which responds to requests for files via FTP. A busy Internet archive site may have one or more computers dedicated to running FTP server software. These will typically have hostnames beginning with "ftp.", e.g. to cause arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. execution. Meanwhile, another WebKit vulnerability can result in cross-site request forgery if a user visits a maliciously crafted web site.The Safari update, which follows a major Mac OS X patch batch released earlier this week, also fixes a vulnerability in ColorSync, a graphics utility, that could permit code injection if a user views a malicious image with an embedded color profile. The browser upgrade affects both Windows and Mac users. This is the sixth time Safari has been updated this year. 
|
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion