Sean Michael Kerner Blog
Apple Safari 4.0.3. Is it a 'haphazard' security update?

From the 'heckling in the cheap seats' files:

Apple is updating its Safari web browser on both the Mac and Windows platforms to version 4.0.3. The new browser release fixes at least 6 different security issues that could potentially expose users to risk.

The Safari 4.0.3 update follows a Mac OS X 10.5.8 update by a week, which has caused one security analyst to label Apple's software update process as occurring "...at a haphazard pace."

"This release makes the contrast between the security processes of Microsoft and Apple even more stark," Andrew Storms, director of security operations for nCircle, said in an e-mail sent to InternetNews.com. "Microsoft's release was planned, but Apple's updates seem to arrive at a haphazard pace."

I personally disagree with Storms' comments. As a Linux user myself, I'm used to getting updates when updates are needed and available and not at some arbitrary monthly level. Certainly the Safari browser is an integral part of the Mac OS X experience, but it is also a standalone application that has millions of Windows users too, who don't necessarily need to be tied to the Apple OS X updates.

Looking at the Safari 4.0.3 update itself, two of the fixed issues - one for ImageIO and one for CoreGraphics - are both malicious image issues for Windows users. Similar issues were fixed in Mac OS X 10.5.8 itself at an operating system level and not the browser level.

Additionally, Safari 4.0.3 includes three advisories for issues affecting its WebKit rendering engine. WebKit is a technology also used by Google Chrome and as such, I suspect that there is a level of what I will call 'developer diplomacy' that Apple needs to navigate in order not to expose other WebKit users to risk prematurely.

There is also an interesting fix for a flaw that could have enabled an attacker to get their site promoted to Safari's Top Sites view (basically a list of most visited sites).

"It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions," Apple's advisory warns. "This could be used to facilitate a phishing attack. This issue is addressed by preventing automated website visits from affecting the Top Sites list. Only websites that the user visits manually can be included in the Top Sites list."

So in summary - I think it's great that Microsoft is able to keep (for the most part) with its monthly schedule to include software updates. It does make it easy and predictable for users. But Apple is serving two masters with Safari - both Windows and Mac users. If Apple is able to deliver all of its updates on the same day - great. What is more important is that the updates are made available when they're ready and when they're needed and without exposing the wider ecosystem to risk.

2 Comments

Making updates available when they're ready is a better strategy than some arbitrary release date.
I agree. I'd rather have operating system releases on schedule and updates as they are available (Apple) rather than operating system releases that are always coming, coming, and updates that are released on a schedule.