To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39190805,00.htm

Apple patches up Safari
Better protection after MacBook Air hack

By Marcus Browne

Published: Friday 18 April 2008

Apple has released another round of security patches for its web browser this week, targeting a vulnerability which allowed a MacBook Air to be hacked and two flaws in the Windows-only version of Safari.

The company released the patches this week after a number of vulnerabilities were discovered in the browser recently, including one which allowed a security expert to take control of a MacBook Air at the CanSecWest security conference in March, where a malicious website was used to exploit the flaw.

Apple photos - pick of crop

Check out the latest in Apple innovation…

♦  Photos: What should be crowned the king of Apple cool?

♦  Photos: Apple flying high at Macworld

♦  Photos: Apple's Jobs slims down laptop for Macworld 2008

♦  Photos: High life at the high-tech hotel

♦  Photos: Who's in the iPhone queue?

James Turner, security analyst for research firm IBRS, said: "The interesting thing about this is that it took a team of hardcore security experts to crack this."

He added: "From Apple's perspective, it's been good to have that flaw publicised and to appear to have done something about it within a relatively short space of time."

An Apple spokesperson declined to comment on the flaw, telling silicon.com sister site ZDNet.com.au: "What happened at that forum was specific to the forum, Apple won't discuss that."

Recent research by IBM found Apple flaws made up 3.2 per cent of all vulnerabilities reported in 2007, putting the company in second place behind Microsoft, with 3.7 per cent.

Apple's most recent patch batch also fixed vulnerabilities in Safari for Windows. An Apple spokesperson said the company would not comment on what the cause or effects of these flaws were.

According to IBRS analyst Turner, the Windows flaw was unlikely to have affected many users and even fewer organisations; given that few - if any - are likely to have deployed Safari as a standard browser.

He said: "Apple will of course continue to use the Polaroid model and push their own browser on their own hardware, which in turn means that more and more attention will be focused on them."

Turner said: "For a couple of years now industry pundits have been saying that as Apple's market share grows they will be targeted more often. Microsoft's been in the spotlight so long now but now someone else is sharing the stage, and I think they'd [Microsoft] be happy about that."

According to Apple, in the first quarter of last year it shipped 2.3 million Macs, representing 44 per cent growth year-on-year.