Apple Patches Safari for Windows Users

<a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9101239">Computerworld</a>

Jim Manico, OWASP Global Board Member

June 20, 2008

1 Min Read
InformationWeek logo in a gray background | InformationWeek

Apple has released a new Windows version of Safari that patches four vulnerabilities, including one that had Microsoft telling its customers to not use the browser.Earlier this month, Microsoft warned users about a "blended threat in which the Safari flaws coupled with an unpatched Internet Explorer bug could enable hackers to run unauthorized software on a victim's computer. To address that, Safari version 3.1.2 prevents files from automatically downloading on the Windows desktop; instead, files will go the Downloads folder on Windows Vista and to the Documents folder on XP. In addition, users will be prompted prior to saving a download.

These fixes are also designed to prevent "carpet bomb" attacks, which could litter the Windows desktop with malware files by taking advantage of a design flaw in Safari. For its part, Microsoft has not patched the IE bug.Computerworld

Read more about:

20082008

About the Author

Jim Manico

OWASP Global Board Member

Jim Manico is a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. OWASP's mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. OWASP's AppSecUSA<https://2015.appsecusa.org/c/> conferences represent the nonprofit's largest outreach efforts to advance its mission of spreading security knowledge, for more information and to register, see here<https://2015.appsecusa.org/c/?page_id=534>. Jim is also the founder of Manicode Security where he trains software developers on secure coding and security engineering. He has a 18 year history building software as a developer and architect. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of Iron-Clad Java: Building Secure Web Applications<http://www.amazon.com/Iron-Clad-Java-Building-Secure-Applications/dp/0071835881> from McGraw-Hill and founder of Brakeman Pro. Investor/Advisor for Signal Sciences.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights