By Jennifer LeClaire MacNewsWorld Part of the ECT News Network
01/26/05 10:41 AM PT
The news comes at an inopportune time. The browser wars are escalating -- largely because of concerns about security with Microsoft's Windows operating system and its Internet Explorer browser -- and Safari has been gaining momentum in the marketplace, according to market researcher WebSideStory.
How Much is 'Free' Costing You? Learn how DaveRamsey.com saw a 567% uplift in ROI with Omniture. This complimentary guide and webinar cover the most important factors in selecting an analytics solution. Download Now.
Apple (Nasdaq: AAPL) has issued a new security patch to cover seven vulnerabilities in its Mac OS X operating system, including e-mail, ColorSync, and its Safari browser. Secunia Research reported the vulnerabilities, which are categorized as "highly critical."
According to Apple, when Safari's "Block Pop-Up Windows" feature is not enabled, a malicious pop-up window could appear as being from a trusted site. If the "Block Pop-Up Windows" feature is enabled, then this issues does not occur. The update corrects the issue regardless of the setting.
Browser Wars
The news comes at an inopportune time. The browser wars are escalating -- largely because of concerns about security with Microsoft's (Nasdaq: MSFT) Windows operating system and its Internet Explorer browser -- and Safari is actually gaining momentum in the marketplace, according to market researcher WebSideStory.
Between the beginning of December and mid-January, Microsoft's Internet Explorer market share dropped 1.5 percent while Safari gained nearly 1 percent.
Jupiter Research analyst Joe Wilcox told MacNewsWorld that technology users need to keep flaws in context. Two of Apple's largest competitors, Microsoft's Internet Explorer and Mozilla's Firefox, have also seen recent security warnings. Microsoft Windows operating system has also had its share of vulnerabilities.
"There are going to be security problems -- period," Wilcox said. "Regardless of the product, no developer has the resources to uncover every possible bug or flaw. You have to look at the number of flaws, whether or not they were exploited and how quickly the developer responds."
Apple's Response
Secunia has already issued three separate vulnerability advisories this year for Apple's OS X. Secunia reported 15 advisories related to the operating system last year. That compares to two advisories for Microsoft's Internet Explorer 6.0 browser alone -- not including for the entire Windows operating system -- this year and 34 last year.
Apple executives were not immediately available for comment.
The text displayed on the Web page that contains the downloadable patch stated: "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available... Where possible, CVE (Common Vulnerabilities and Exposures) IDs are used to reference the vulnerabilities for further information."
The Security Update 2005-001 is for Mac OS X v10.2.8, Mac OS X Server v10.2.8, Mac OS X v10.3.7 and Mac OS X Server v10.3.7.
Will iWork Give Microsoft a Run for Its Money? January 12, 2005
"With iWork '05, we're building the successor to AppleWorks by taking advantage of the latest innovations in Mac OS X and iLife '05," Apple Senior Vice President of Applications Sina Tamaddon said. "IWork '05 makes it incredibly easy for anyone to create really great-looking documents, newsletters and presentations quickly and easily."
Related Stories
Developer Raps Linux Security January 11, 2005
Brad Spengler of grsecurity characterized the Linux Security Model, or LSM, as merely a way to allow the National Security Agency's SELinux to be used as a module. "The framework is unfit for any security system that does anything remotely innovative, such as grsecurity and RSBAC [Rule Set-Based Access Control]," he declared.
Passwords Pose Windows Security Threat, Foundation Says December 09, 2004
For some security pros, the asterisk issue is just a fragment of a larger problem. "My belief is that companies need to be looking at moving towards using stronger authentication, such as tokens or biometrics, in place of or in conjunction with passwords," said Vadim Lander of Computer Associates.
Microsoft Issues Out-of-Cycle Explorer Patch December 02, 2004
Wide adoption of the latest Explorer patch may be hindered because it requires more effort than the typical Windows update. "This one's going to take a little more effort," said Ken Dunham of iDefense. "You have to remember, there's a huge number of people who will not patch and we do expect continued iframe exploits."
Mobile Devices Create Security Challenge for Companies November 18, 2004
Experts agree that no amount of mobile security will be enough without employee education. "The best thing you can do is not a technology solution, it's awareness," said Ed Moyle of Security Curve. "If employees know that keeping the client list on the PDA is not a good idea and they know why, they're less likely to do it."
Solutionary's Earle Humphreys on Managed Security November 04, 2004
Solutionary bases its managed services offering on ActiveGuard, the company's proprietary security software. The solution continuously monitors and checks networks for changes and vulnerabilities, examines messages for irregularities and implements countermeasures.
Related News Alerts
More by Jennifer LeClaire
The Digital Car: Cool Automotive Accessories, Part 2 January 16, 2007
Not all the latest high-tech automotive electronics are built to entertain. Many give the driver more information and more control. Vehicle tracking devices can tell where the car is at any time, software installed in a smartphone can turn off a vehicle's security system whenever the owner approaches, and diagnostic tools can tell what's wrong with the engine -- and how much it'll be to fix it.
'World of Warcraft' Wows 8 Million Subscribers January 12, 2007
"World of Warcraft," the massively multiplayer online role-playing game, has reached the 8 million subscriber mark. Since debuting in North America in Nov. 2004, "World of Warcraft" has become the most popular MMORPG in the world. The franchise is available in seven different languages and is played on at least four continents.
AT&T Bids Goodbye to Cingular Brand January 12, 2007
Starting Monday, AT&T will launch a multimedia campaign to transition the Cingular Wireless brand name into its advertising and customer communications. The campaign will integrate popular imagery, phrases and icons from Cingular's traditional advertising, including the "raising the bar" tagline, the "Jack" character and the color orange.
Headline Feeds
Talkback: 
