The fixes include patching a zero-day vulnerability in Apple's Web browser that allowed researchers to compromise a MacBook Air.
Apple on Wednesday issued a security patch for its Safari Web browser that fixes a widely reported vulnerability and three other holes, two of which affect only Windows versions.
At the CanSecWest security conference last month, security researchers Charlie Miller, Jake Honoroff, and Mark Daniel, from Independent Security Evaluators, managed to compromise a MacBook Air using a zero-day vulnerability in Safari.
Tipping Point, the sponsor of the contest, said the vulnerability would not be disclosed until Apple issued a patch.
Among the four vulnerabilities fixed in Wednesday's Safari patch is CVE-2008-1026, which Apple thanked Miller for reporting.
A second WebKit vulnerability was also addressed. WebKit is an open source engine used by Apple's Safari, Mail, and other applications. Both WebKit issues affect Mac and Windows users of Safari.
The other two vulnerabilities affect only Safari for Windows XP or Vista. One is a timing flaw that could allow a maliciously crafted Web page to spoof a legitimate site by changing the contents of Safari's address bar without loading the associated page. The other is a memory corruption issue that could allow for the remote execution of malware following an attempt to download a maliciously crafted file.
The Safari patch can be downloaded through the Mac OS X Software Update control panel, or from Apple's Web site.
Safari's share of the browser market remained relatively flat throughout 2007, at about 1.7%, according to W3Schools. It has become more popular, however, in 2008. In March, Safari had a 2.1% market share. Microsoft's various versions of Internet Explorer accounted for 53.1% of the visitors to the W3Schools site in March, while Firefox accounted for 37%.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.