Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Three of the flaws -- involving issues in CoreGraphics, ImageIO and WebKit -- could be exploited to execute arbitrary code, according to an Apple advisory.Perhaps the most unique bug involves a problem with Safari's new Top Sites feature, which provides an "at-a-glance view" of a user's favorite sites, the advisory said. An attacker might be able to exploit the flaw by adding a malicious site to this list, permitting potential phishing scams. Apple fixed the issue by only permitting websites that a user manually visits to be included in the list.Andrew Storms, director of security operations at vulnerability management firm nCircle, suggested that, considering the number of security updates from Apple this year, the company may want to consider setting a patching schedule.Vendors such as Microsoft, Oracle and Adobe already do this.So far this year, Apple has delivered five Safari updates and three Mac OS X updates, the most recent on August 5. Safari has been patched each month since May. Tuesday's release arrived on the same day that Microsoft distributed nine patches to resolve nineteen flaws."This release makes the contrast between the security processes of Microsoft and Apple even more stark," Storms said. "Microsoft's release was planned, but Apple's updates seem to arrive at a haphazard pace." See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.