safari

Apple updates Safari for Windows with four security fixes

Apple on Thursday released a new version of Safari for Windows that includes a security fix for a high-profile carpet-bombing desktop attack vulnerability previously dismissed by the Cupertino vendor. The Safari update is only for Windows users, not Mac OSX versions. Version 3.1.2 of Safari for Windows can be downloaded and installed from Apple Downloads, or you can download Safari 3.1 here.

BMP or GIF image memory error This patch only affects users of Windows XP or Vista. The update addresses CVE-2008-1573, an out-of-bounds memory read vulnerability. The error may occur in the handling of BMP and … Read more

Mozilla's mobile browser due out in September

While the world rightly awaits Firefox 3.0 with anticipation, it's actually the mobile Firefox browser Fennec that I am looking most forward to seeing. According to the head of Mozilla Europe, we should be seeing Fennec in September, with a beta release later in 2008.

The problem? It won't run on my iPhone:

For the iPhone, Apple's licence can not install software to have an interpreted language. But Firefox includes JavaScript, which makes it legally impossible to carry on the iPhone....For Android, Webkit is integrated into the OS, and only Java applications can run. And … Read more

Buzz Out Loud 738: OS X 10.6: Liger, lolcat, or Cougar?

Rumor has it that there will be code details about OS X 10.6 at Apple's Worldwide Developers Conference next week. Bold prediction, considering it's a developer's conference. Geniuses. Now, what cat to name it after? Also, Bill Gates gives his last speech on the road to his nearly-full-time-job-retirement; Oklahoma City has a sweet Wi-Fi mesh network that you can't use (unless the password is "password"); and you can now get your Outlook e-mail on an LG enV(2).

Listen now: Download today's podcast Episode 738

Mac OS 10.6 debuting next week? … Read more

Microsoft warns of Safari for Windows blended attacks

Microsoft has issued an advisory warning Windows users who have installed the Apple Safari for Windows browser that their systems may be vulnerable to attack.

The Safari "carpet bombing" attack was first described by Nitesh Dhanjani last month, but dismissed by Apple as a serious threat. Under Dhanjani's scenario, a user would surf using Apple Safari for Windows to a maliciously crafted Web site such as http://malicious.example.com/. Dhanjani says Safari does not know how to render content-type of blah/blah, so it starts downloading carpet_bomb.cgi, executing the downloaded files with the same rights … Read more

Mozilla: Final Firefox 3 expected in June

Firefox fans looking for a major update to the open-source Web browser probably will get a final version of it next month.

"We're looking for final ship sometime in June," said Mike Schroepfer, Mozilla's vice president of engineering, in an interview Wednesday. Mozilla, which was spun out of AOL more than 10 years ago, oversees the Firefox programming project.

One of the Firefox's strengths is the broad collection of hundreds of add-ons, but that also means things move more slowly when programmers must update their projects to be compatible with Firefox 3. And that's … Read more

Apple dismisses Safari vulnerability

Safari users are at risk of littering their desktops with malicious software because the browser does not ask for user permission when downloading files in the way that Firefox and Internet Explorer do, a security researcher said Thursday.

In a blog post titled "Safari Carpet Bomb," Nitesh Dhanjani describes how a rogue Web site can easily download resources to the Windows desktop or downloads directory on the Mac.

"Apple does not feel this is an issue they want to tackle at this time," he writes.

An Apple representative told Dhanjani that an "enhancement request" … Read more

Yahoo acquisition to aid Apple searches

Correction 6:18 p.m. PT: I misinterpreted the announcement; Inquisitor founder David Watanabe isn't joining Yahoo.

Yahoo has acquired Inquisitor in a move to improve how search results appear on Apple computers.

The Safari browser plug-in offers autocompletion of search queries and shows a pane with search results as users type queries. The plug-in, now in version 3, is a free download.

Terms of the deal weren't disclosed, but Inquisitor founder and developer David Watanabe will continue to work with Yahoo on the software.

"I look forward to assisting Yahoo in refining and extending the Inquisitor … Read more

Featured Freeware: Safari

As the Web-browsing world waits for Firefox 3 and Internet Explorer 8, Apple makes its intentions known with a hard push of Safari for Windows and Mac. No, the sky has not fallen, and we have yet to see the spontaneous evolution of avian bacon.

Much like iTunes, the Windows version of the Mac application works fine but lacks a certain tightness. It feels unfinished because it is, but its browsing engine is solid and has been independently clocked at speeds faster than that of Firefox 2. Still, Safari lacks most customization features. Skins and other aesthetic options exist in … Read more

Apple Safari vulnerable to multiple attacks

Safari users may be subject to crashes or interactions with an attacker's malicious site, according to a warning posted on Tuesday on BugTraq .

Researcher Juan Pablo Lopez Yacubian is credited with finding multiple vulnerabilities in Apple Safari 3.1.1 for Windows. Other versions of Safari may also be affected.

Among the vulnerabilities cited are a denial-of-service (crash) vulnerability caused by a write-access violation, a denial-of-service (crash) vulnerability caused by a read-access violation, and a third vulnerability that allows attackers to spoof the content contained in the address bar. A full write up can be found here .

In a … Read more