Thirteen of the 15 vulnerabilities fixed today could, in fact, be exploited by classic drive-by attacks, the kind that execute when a person simply surfs to a malicious site or an already-hacked legitimate domain. He had reported the problem to Apple more than a month before, but decided to disclose the vulnerability after he received only automated replies to his e-mailed queries. Jeremiah Grossman, CTO of WhiteHat Security, announced on July 21 that hackers could easily mine names, mailing addresses, e-mail addresses and workplaces of Safari owners because the browser turns on its AutoFill feature by default, and links it to the user’s entry in the address book on their Mac or PC. Barely 24 hours before a researcher was set to dive deeper into a Safari bug at the Black Hat security conference, Apple today fixed that flaw and 14 others.Īpple also switched on extensions in Safari 5.0.1, and launched a gallery of more than 100 add-ons users can download.Īlthough not the most serious of the 15 vulnerabilities patched today, a flaw in how Safari auto-fills forms with the user’s name and personal information was the most prominent of today’s bunch, if only because a researcher took the bug public last week.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |