Holes for Hackers
One of the vulnerabilities repaired by the new version could have allowed for remote code execution by hackers. This would have allowed the intruders to direct the browser to a phony Web site that could install malware on the computer running the browser. Other holes in Safari 3.0.1 could have opened the door for cross-site scripting attacks, using JavaScript code and malformed HTTP (hypertext transfer protocol).
Additionally, before the upgrade, some Safari users were vulnerable to an outsider editing information in the URL (uniform resource locator) bar. This would allow a bad Web site to appear with the address of a good one.
Many of the patches repair instability issues and performance bugs. Sometimes, for example, the unpatched version of Safari for Windows would quit while non-English users were entering information into text fields. There are improvements to the way the browser handles some Adobe (Nasdaq: ADBE) Latest News about Adobe Web applications as well as Yahoo (Nasdaq: YHOO) Latest News about Yahoo Widgets and Google Reader.
The latest release is more adept at handling RSS (really simple syndication) feeds, empty content-type headers, and HTTP and NTLM (NT LAN, or local area network, manager) authentication. Also improved are the browser's compatibility with some processors and video cards.
Still in the Kitchen
Apple will continue to improve the browser, noting it is planning to add PAC (proxy auto-configuration) file auto-detection, FTP (file transfer protocol) directory listings, cookie management, spell-checking, and support for page numbers, titles and margins when printing Web pages, the company said.
Apple didn't waste any time in offering the patches, said David Maynor, chief technical officer of Errata Security.
"They released them in generally a short amount of time," he told MacNewsWorld. "They fixed some critical bugs in there. I'm somewhat impressed with the response time on that."
Nevertheless, he said some problems unearthed by Errata remain even in the latest Safari version. "The bugs we found are still unfixed," said Maynor. Signed-Chuck
Subscribe to:
Post Comments (Atom)
1 comment:
thats the thing about Apple, they wont release the product before its ready. which i believe is sept or oct
Post a Comment