Share

twitter delicious facebook digg stumbleupon favorites more
Latest Articles

Apple, Google Update Their Browsers


Apple releases Safari 6.0; Google lets Chrome 21 loose. Plus: Mozilla tackles memory bugs and a phishing attack.
IT’S ALL BROWSERS this month. Google released Chrome 21, patching a number of dangerous PDF- viewer-related bugs. Mozilla tackled more vulnera­bilities than usual, including an interesting drag- and-drop bug, and Apple released Safari 6.0, sealing multiple potential private information leaks.

Google Chrome Turns 21
Chrome
Google released a number of security updates for the Google Chrome Stable Channel. These updates affect OS X and Linux (updated to Chrome 21.0.1180.57), as well as Windows and Chrome Frame (Chrome 21.0.1180.60).
Chrome 21 includes patches that address 15 security vulnerabilities. One vul­nerability was rated critical; of the others, six were rated high, five medium, and three low. Five of the weaknesses affected Chrome’s built-in PDF viewer and could have caused memory corruption, a program crash, or other unexpected behavior.

Mozilla Posts Repairs
Firefox
Mozilla released patches for 15 security advi­sories (the most in nearly two years), for Fire- fox, Thunderbird, and SeaMonkey. Five bugs are rated critical, four high, and six moderate.
Security researchers found a vulnerability that could enable a remote attacker to “short-circuit” a page load in Firefox via the drag-and-drop mechanism. Normally, when you drag and drop a URL into the address bar, that URL loads automatically. But the short-circuit, which is triggered by dragging and dropping a malicious address, lets hackers spoof the address bar and opens your system to phishing attacks.
This vulnerability and others are corrected in Firefox 13,14, and ESR 10.0.6; Thunderbird 13,14, and ESR 10.0.6; and SeaMonkey 2.11.

Apple Unveils Safari 6.0
Safari
Apple released Safari 6.0, and also patched two vulnerabilities in the company's Xcode software development tools. Safari 6.0 patches a number of security vul­nerabilities. Most notably, Apple patched memory corruption issues in the Web Kit that could lead to unexpected crashes or arbitrary code execution. The Safari 6.0 update is available for OS X 10.7.4 and is included in OS X 10.8 Mountain Lion.
Apple also fixed shortcomings in Xcode 4.4 that could allow an attacker to gain access to and decrypt SSL-protected data as well as "keychains"—a secure stor­age system for certificates, passwords, and other private data.
To learn more about all of the updates mentioned, visit go.pcworld.com/b&f10-12

Posted in: ,,

0 comments:

Post a Comment