
Safari 5 fixes whopping 47 vulnerabilities in Safari 4.1

post #1 of 19
Thread Starter 
See it for yourself

http://support.apple.com/kb/HT4196


I can't put into words how fscking pissed off I am at Apple.

Sandboxing web facing programs is the only solution I see.
post #2 of 19
Thread Starter 
Also Microsoft patches 34 holes today

http://www.computerworld.com/s/artic...massive_update


Quote:
Today's patch for IE8 was the last of those used to hack three browsers -- Mozilla's Firefox and Apple's Safari as well as IE -- at the March challenge. Mozilla patched Firefox April 1, eight days after the contest, while Apple fixed its flaw on April 14, 21 days post-Pwn2Own.


Apple is lazy. 21 days? sheesh!
post #3 of 19
Quote:
Originally Posted by SpotOn View Post

...

I can't put into words how fscking pissed off I am at Apple.

Your hair is not on fire so there is no need to act like it is. MacOS X has been out for nearly a decade depending on how you count. Suffice it to say that the OS has been around for a long time. It has certainly been around long enough for you to have learned that there is a difference between a vulnerability and an exploit. There have been exactly zero exploits of the 47 vulnerabilities fixed in this most recent update of Safari. Now that they have been fixed, these vulnerabilities will never be exploited.

Quote:
Originally Posted by SpotOn View Post

Sandboxing web facing programs is the only solution I see.

How exactly will sandboxing do better than zero exploits?
post #4 of 19
Thread Starter 
Quote:
Originally Posted by Mr. Me View Post

It has certainly been around long enough for you to have learned that there is a difference between a vulnerability and an exploit. There have been exactly zero exploits of the 47 vulnerabilities fixed in this most recent update of Safari. Now that they have been fixed, these vulnerabilities will never be exploited.


Spin it like you wish, but if I was an evil hacker I certainly wouldn't publish my vulnerabilities in a form of a replicating virus or trojan an illegal copy of a popular Mac program or leave my code on a web site long enough to gain attention.

No, I'd be low key and covert in my comings and goings out of people's machines, leaving a backdoor or two, even in the keyboard firmware where it's hard to erase.


So the truth is you don't know how many exploits occurred on Macs, because unless you're an all-knowing God, you can't know.

Just because the white hats found certain vulnerabilities doesn't mean the black hats have already been using them for years.

If you notice the credits given to finding these vulnerabilities, Google and HP-sponsored TippingPoint are by and large the largest suppliers. So what does that say for Apple's programmers and security measures that the COMPETITION is doing a better job than Apple?

What does it say when it takes Firefox a mere 8 days to fix the holes and Apple a whopping 21 days?

What does it say about Apple when they know it's impossible to totally secure Safari on Macs, but then neglect to sandbox it to protect users' files and the rest of their machine?
post #5 of 19
Quote:
Originally Posted by SpotOn View Post

Spin it like you wish, ...

I don't have to spin "0." It looks the same at every angle.
post #6 of 19
Thread Starter 
Quote:
Originally Posted by Mr. Me View Post

I don't have to spin "0." It looks the same at every angle.

If you're on the two dimensional kool-aid.

Spin that "0" in three dimensions like normal and it looks like a "1" from four angles, thus the four exploits you didn't see.

I can act stupid too.
post #7 of 19
Quote:
Originally Posted by SpotOn View Post

...

I can act stupid too.

You can be as smart as you want to be. You still can't print perpendicular to the page. And even if you could, then there would still be zero exploits of the fixed vulnerabilities.
post #8 of 19
Safari for Windows is the most insecure browser in the world. Apple just doesn't code secure software for Mac OS or Windows, period. Chrome is the most secure Windows browser with IE a close second. Rather than securing their software Apple is choosing to invest in a new platform, iOS. iOS doesn't allow any code not reviewed by Apple to even run. Great way to keep your stuff safe but there's a lot of overhead. Not to mention the new multitasking capabilities which essentially eliminate background processes, i.e. viruses, Trojans... But application virtualization which lets you pause, stop, start applications on the fly could prove very useful; and it has, as shown by Steve Jobs' keynote.

But, if you're on Windows use Chrome. Safari could still be safe to use due to obscurity but I wouldn't deploy it. Safari is not secure, but safe because no one targets it (make sense?). Switch to Chrome with top notch security on Windows and good overall HTML5 support.

I'm not sure if Chrome has as much advanced security on Mac that it does on Windows but nonetheless, Google is fighting an uphill battle with cloud computing so having better security on ALL platforms is beneficial, which Chrome is the leader in browser security.
post #9 of 19
Quote:
Originally Posted by bbwi View Post

Safari for Windows is the most insecure browser in the world. .... Chrome is the most secure Windows browser with IE a close second. ...

Bunk. Double-bunk, in fact. Exactly where do you get this notion that Safari for Windows is so insecure? How many vulnerabilities does Safari for Windows have? How many does Internet Explorer have?

Look. Safari sits on top of a substantial number of MacOS X frameworks that were ported to Windows for the specific purpose of supporting the browser. Safari for MacOS X has no exploits. It is supported by the same frameworks as Safari for Windows. Furthermore, Safari and Chrome are both built on the WebKit frameworks. You claim that one WebKit-based browser is extremely insecure but that another is extremely secure. That is impossible.

In my professional life, I deal with a lot of engineers--Windows-using engineers. My Windows-using engineer friends dropped IE in favor of Safari because Safari is so much more secure. What do you know that my engineer friends don't know?
post #10 of 19
I'm a Windows admin. I use Safari. Safari is safer than IE but not more secure. Chrome is the most secure because it lives in a sandbox.
post #11 of 19
Quote:
Originally Posted by bbwi View Post

I'm a Windows admin. I use Safari. Safari is safer than IE but not more secure. Chrome is the most secure because it lives in a sandbox.

OK Windows admin, three questions:
  • How do you distinguish between safe and secure?
  • How many Safari for Windows exploits are there?
  • How many Chrome for Windows exploits are there?
post #12 of 19
Quote:
Originally Posted by Mr. Me View Post

OK Windows admin, three questions:
  • How do you distinguish between safe and secure?
  • How many Safari for Windows exploits are there?
  • How many Chrome for Windows exploits are there?

Safe meaning fewer exploits.

This is not a good metric because the major reason to create exploits is for money. Since Safari has next to no market share there's no money. IE has tremendous market share which means major moneys exploiting it.

Since you're not understanding I'll explain it further. You first need a vulnerability. Then you need to exploit it. The key metric you're looking at in regards to security is number of vulnerabilities not exploits. The number of vulnerabilities correlates to how secure your code is, hence your browser. The number of exploits correlates to how safe your browser is.

Now, Chrome is also sandboxed which Safari isn't. Why does this matter? Because an exploit on Safari has access to system resources, i.e. files, folders, services, printing, etc... Chrome does not allow this access, it's sandboxed. In order to exploit Chrome you need to first find a vulnerability, then find a vulnerability in Chrome's sandbox to exploit it. So it's multiple loopholes. Additionally, Windows Vista/7 implements ASLR in a superior fashion than OS X. So not only do hackers need to write multiple vulnerabilities and/or exploits but they also need to figure out a way to find them. Not to mention that in Chrome each tab is isolated in its own process as well.

Safari and Apple have announced that they are striving to achieve the same architecture that Chrome has by sandboxing Safari and including in WebKit isolated processes.

FYI, educate yourself and read up on Charlie Miller and how he's been able to win PWN2OWN several years in a row based on what I've just outlined
post #13 of 19
Quote:
Originally Posted by bbwi View Post

...

FYI, educate yourself and read up on Charlie Miller and how he's been able to win PWN2OWN several years in a row based on what I've just outlined

In other words, you don't have a clue.
post #14 of 19
Quote:
Originally Posted by Mr. Me View Post

In other words, you don't have a clue.

http://www.kb.cert.org/vuls/html/search

I don't think one company is better than the other.

Here is the list of security fixes and patches to Google Chrome + the fact that you expose your location and browsing data to Google.

http://googlechromereleases.blogspot.com/
Most of us employ the Internet not to seek the best information, but rather to select information that confirms our prejudices. - Nicholas D. Kristof
post #15 of 19
Quote:
Originally Posted by talksense101 View Post

http://www.kb.cert.org/vuls/html/search

I don't think one company is better than the other.

Here is the list of security fixes and patches to Google Chrome + the fact that you expose your location and browsing data to Google.

http://googlechromereleases.blogspot.com/

You misrepresent your links.
post #16 of 19
Thread Starter 
Quote:
Originally Posted by bbwi View Post

Chrome is the most secure because it lives in a sandbox


HOLY FRICKING CHRIST BATMAN!!!


case closed. no further arguments.
post #17 of 19
Thread Starter 
Quote:
Originally Posted by talksense101 View Post

Here is the list of security fixes and patches to Google Chrome + the fact that you expose your location and browsing data to Google.


Yea, Google has a reason for its browser's security, it comes at the cost of your privacy. What little we have.

But then having Safari's "Google Fraudulent Web Site" enabled in preferences does the same thing or using WOT plugin or enabling the Check for Web forgeries/attack sites in Firefox preferences.

Also using Google Search logs your search terms and IP address for later retrieval.

IP location can be done by anyone very easily.

Then of course all the web bugs, trackers, Flash cookies, java history and internal IP sniffing that people don't see when they surf.

Not to mention the logs kept by the ISPs and kept for years and years. The NSA back rooms off the AT&T internet backbone...back doors in routers, printouts with coded light yellow colored dots...iPhone hacks...


Privacy? there is NONE!


How else can they know that 116,000 searches for ch*ld pR*n occur each day?

Should be rather easy to find the sickos in the world and round them up.

Or anti-government dissidents for that matter.

Google "Do no evil" (But we provide the info to those who do. )
post #18 of 19
hold the phone here. You mean to tell me, that some internet software, has security holes?

O...M....GOD.
What I got... 15" i7 w/8 gigs ram,iPad2 64gig wifi, 2.0 mac mini, 2.0 17" imac, appleTv, Still running my old G4 466 upgraded to 1.2GHz maxed ram as a pro tools machine, and 2 iphones.
post #19 of 19
I wish they would remove this damn load bar they put in or at least let me change the color. I swear everything loads now twice as slow.