Apple Patches Safari Vulnerabilities

The fixes include patching a zero-day vulnerability in Apple's Web browser that allowed researchers to compromise a MacBook Air.

Apple on Wednesday issued a security patch for its Safari Web browser that fixes a widely reported vulnerability and three other holes, two of which affect only Windows versions.

At the CanSecWest security conference last month, security researchers Charlie Miller, Jake Honoroff, and Mark Daniel, from Independent Security Evaluators, managed to compromise a MacBook Air using a zero-day vulnerability in Safari.

TippingPoint, the sponsor of the contest, said the vulnerability would not be disclosed until Apple issued a patch.

Among the four vulnerabilities fixed in Wednesday's Safari patch is CVE-2008-1026, which Apple thanked Miller for reporting.

Apple describes the flaw thus: "A heap buffer overflow exists in WebKit's handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution."

To fix the problem, Apple said it added validation to JavaScript regular expressions.
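As an added illustration (not Apple's or WebKit's code), the sketch below shows one way such validation can work: estimate how large a pattern becomes once every nested `{n,m}` count is multiplied out, using saturating arithmetic, and reject it before any buffer is sized. The function name `repetition_budget_ok`, the `MAX_DEPTH` cap, and the caller-supplied limit are assumptions made for this example.

```c
#include <ctype.h>
#include <stdint.h>

#define MAX_DEPTH 32 /* assumed nesting cap for this sketch */
/* Saturating arithmetic: the size estimate itself must never wrap. */
static uint64_t sat_add(uint64_t a, uint64_t b) { return a > UINT64_MAX - b ? UINT64_MAX : a + b; }
static uint64_t sat_mul(uint64_t a, uint64_t b) { return b && a > UINT64_MAX / b ? UINT64_MAX : a * b; }

/* Parse decimal digits at *pp with saturation; advances *pp past them. */
static uint64_t read_count(const char **pp) {
    uint64_t v = 0;
    while (isdigit((unsigned char)**pp))
        v = sat_add(sat_mul(v, 10), (uint64_t)(*(*pp)++ - '0'));
    return v;
}

/* Returns 1 when the pattern's worst-case expanded size (atoms multiplied by
 * every enclosing {n,m} count) is <= limit; 0 when it is larger or malformed.
 * Metacharacters and class members count as atoms, so this over-approximates. */
int repetition_budget_ok(const char *p, uint64_t limit) {
    uint64_t done[MAX_DEPTH] = {0}; /* finished items in the group at each depth */
    uint64_t last[MAX_DEPTH] = {0}; /* most recent item, which a quantifier scales */
    int d = 0;
    for (; *p; p++) {
        if (*p == '{' && isdigit((unsigned char)p[1])) {
            p++;
            uint64_t n = read_count(&p), m = n;
            if (*p == ',') { p++; m = isdigit((unsigned char)*p) ? read_count(&p) : sat_add(n, 1); }
            if (*p != '}') return 0;            /* conservative: reject odd braces */
            last[d] = sat_mul(last[d], m > n ? m : (n ? n : 1));
        } else if (*p == '(') {
            if (++d >= MAX_DEPTH) return 0;     /* too deeply nested */
            done[d] = last[d] = 0;
        } else if (*p == ')') {
            if (d == 0) return 0;               /* unbalanced */
            uint64_t group = sat_add(done[d], last[d]);
            d--;
            done[d] = sat_add(done[d], last[d]);
            last[d] = group;                    /* the whole group is now the last item */
        } else {
            if (*p == '\\' && p[1]) p++;        /* an escape pair is one atom */
            done[d] = sat_add(done[d], last[d]);
            last[d] = 1;
        }
    }
    return d == 0 && sat_add(done[0], last[0]) <= limit;
}
```

The important property is that the check runs on the raw pattern and cannot itself overflow, so a count too large for 64 bits saturates and is rejected rather than wrapping to a small value.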

A second WebKit vulnerability was also addressed. WebKit is an open source engine used by Apple's Safari, Mail, and other applications. Both WebKit issues affect Mac and Windows users of Safari.

The other two vulnerabilities affect only Safari for Windows XP or Vista. One is a timing flaw that could allow a maliciously crafted Web page to spoof a legitimate site by changing the contents of Safari's address bar without loading the associated page. The other is a memory corruption issue that could allow for the remote execution of malware following an attempt to download a maliciously crafted file.

The Safari patch can be downloaded through the Mac OS X Software Update control panel, or from Apple's Web site.

Safari's share of the browser market remained relatively flat throughout 2007, at about 1.7%, according to W3Schools. It has become more popular, however, in 2008. In March, Safari had a 2.1% market share. Microsoft's various versions of Internet Explorer accounted for 53.1% of the visitors to the W3Schools site in March, while Firefox accounted for 37%.
