Safari 5 fixes whopping 47 vulnerabilities in Safari 4.1

Posted: in Mac Software, edited January 2014
See it for yourself



http://support.apple.com/kb/HT4196





I can't put into words how fscking pissed off I am at Apple.



Sandboxing web facing programs is the only solution I see.

Comments

  • Reply 1 of 18
    spoton Posts: 645 member
    Also Microsoft patches 34 holes today



    http://www.computerworld.com/s/artic...massive_update





    Quote:

    Today's patch for IE8 was the last of those used to hack three browsers -- Mozilla's Firefox and Apple's Safari as well as IE -- at the March challenge. Mozilla patched Firefox April 1, eight days after the contest, while Apple fixed its flaw on April 14, 21 days post-Pwn2Own.





    Apple is lazy. 21 days? sheesh!
  • Reply 2 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by SpotOn View Post


    ...



    I can't put into words how fscking pissed off I am at Apple.



    Your hair is not on fire so there is no need to act like it is. MacOS X has been out for nearly a decade depending on how you count. Suffice it to say that the OS has been around for a long time. It has certainly been around long enough for you to have learned that there is a difference between a vulnerability and an exploit. There have been exactly zero exploits of the 47 vulnerabilities fixed in this most recent update of Safari. Now that they have been fixed, these vulnerabilities will never be exploited.



    Quote:
    Originally Posted by SpotOn View Post


    Sandboxing web facing programs is the only solution I see.



    How exactly will sandboxing do better than zero exploits?
  • Reply 3 of 18
    spoton Posts: 645 member
    Quote:
    Originally Posted by Mr. Me View Post


    It has certainly been around long enough for you to have learned that there is a difference between a vulnerability and an exploit. There have been exactly zero exploits of the 47 vulnerabilities fixed in this most recent update of Safari. Now that they have been fixed, these vulnerabilities will never be exploited.





    Spin it like you wish, but if I was an evil hacker I certainly wouldn't publish my vulnerabilities in a form of a replicating virus or trojan an illegal copy of a popular Mac program or leave my code on a web site long enough to gain attention.



    No, I'd be low key and covert in my comings and goings out of people's machines, leaving a backdoor or two, even in the keyboard firmware where it's hard to erase.





    So the truth is you don't know how many exploits occurred on Macs, because unless you're an all-knowing God, you can't know.



    Just because the white hats found certain vulnerabilities doesn't mean the black hats have already been using them for years.



    If you notice the credits given for finding these vulnerabilities, Google and HP-sponsored Tipping Point are by and large the largest suppliers. So what does that say for Apple's programmers and security measures that the COMPETITION is doing a better job than Apple?



    What does it say when it takes Firefox a mere 8 days to fix the holes and Apple a whopping 21 days?



    What does it say about Apple when they know it's impossible to totally secure Safari on Macs, but then neglect to sandbox it to protect users' files and the rest of their machine?
  • Reply 4 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by SpotOn View Post


    Spin it like you wish, ...



    I don't have to spin "0." It looks the same at every angle.
  • Reply 5 of 18
    spoton Posts: 645 member
    Quote:
    Originally Posted by Mr. Me View Post


    I don't have to spin "0." It looks the same at every angle.



    If you're on the two dimensional kool-aid.



    Spin that "0" in three dimensions like normal and it looks like a "1" from four angles, thus the four exploits you didn't see.



    I can act stupid too.
  • Reply 6 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by SpotOn View Post


    ...



    I can act stupid too.



    You can be as smart as you want to be. You still can't print perpendicular to the page. And even if you could, then there would still be zero exploits of the fixed vulnerabilities.
  • Reply 7 of 18
    bbwi Posts: 812 member
    Safari for Windows is the most insecure browser in the world. Apple just doesn't code secure software for Mac OS or Windows, period. Chrome is the most secure Windows browser with IE a close second. Rather than securing their software Apple is choosing to invest in a new platform, iOS. iOS doesn't allow any code not reviewed by Apple to even run. Great way to keep your stuff safe but there's a lot of overhead. Not to mention the new multitasking capabilities which essentially eliminate background processes i.e. viruses, Trojans... But application virtualization which lets you pause, stop, start applications on the fly could prove very useful; and it has as shown by Steve Jobs' keynote.



    But, if you're on Windows use Chrome. Safari could still be safe to use due to obscurity but I wouldn't deploy it. Safari is not secure, but safe because no one targets it (make sense?). Switch to Chrome with top notch security on Windows and good overall HTML5 support



    I'm not sure if Chrome has as much advanced security on Mac that it does on Windows but nonetheless, Google is fighting an uphill battle with cloud computing so having better security on ALL platforms is beneficial, which Chrome is the leader in browser security
  • Reply 8 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by bbwi View Post


    Safari for Windows is the most insecure browser in the world. .... Chrome is the most secure Windows browser with IE a close second. ...



    Bunk. Double-bunk, in fact. Exactly where do you get this notion that Safari for Windows is so insecure? How many vulnerabilities does Safari for Windows have? How many does Internet Explorer have?



    Look. Safari sits on top of a substantial number of MacOS X frameworks that were ported to Windows for the specific purpose of supporting the browser. Safari for MacOS X has no exploits. It is supported by the same frameworks as Safari for Windows. Furthermore, Safari and Chrome are both built on the WebKit frameworks. You claim that one WebKit-based browser is extremely insecure but that another is extremely secure. That is impossible.



    In my professional life, I deal with a lot of engineers--Windows-using engineers. My Windows-using engineer friends dropped IE in favor of Safari because Safari is so much more secure. What do you know that my engineer friends don't know?
  • Reply 9 of 18
    bbwi Posts: 812 member
    I'm a Windows admin. I use Safari. Safari is safer than IE but not more secure. Chrome is the most secure because it lives in a sandbox
  • Reply 10 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by bbwi View Post


    I'm a Windows admin. I use Safari. Safari is safer than IE but not more secure. Chrome is the most secure because it lives in a sandbox



    OK Windows admin, three questions:
    • How do you distinguish between safe and secure?

    • How many Safari for Windows exploits are there?

    • How many Chrome for Windows exploits are there?

  • Reply 11 of 18
    bbwi Posts: 812 member
    Quote:
    Originally Posted by Mr. Me View Post


    OK Windows admin, three questions:
    • How do you distinguish between safe and secure?

    • How many Safari for Windows exploits are there?

    • How many Chrome for Windows exploits are there?




    Safe meaning fewer exploits.



    This is not a good metric because the major reason to create exploits is for money. Since Safari has next to no market share there's no money. IE has tremendous market share which means major money in exploiting it.



    Since you're not understanding I'll explain it further. You first need a vulnerability. Then you need to exploit it. The key metric you're looking at in regards to security is number of vulnerabilities not exploits. The number of vulnerabilities correlates to how secure your code is, hence your browser. The number of exploits correlates to how safe your browser is.



    Now, Chrome is also sandboxed which Safari isn't. Why does this matter? Because an exploit on Safari has access to system resources i.e. files, folders, services, printing, etc... Chrome does not allow this access, it's sandboxed. In order to exploit Chrome you need to first find a vulnerability, then find a vulnerability in Chrome's sandbox to exploit it. So it's multiple loopholes. Additionally, Windows Vista/7 implements ASLR in a superior fashion than OS X. So not only do hackers need to write multiple vulnerabilities and/or exploits but they also need to figure out a way to find them. Not to mention that in Chrome each tab is isolated in its own process as well



    Safari and Apple have announced that they are striving to achieve the same architecture that Chrome has by sandboxing Safari and including in WebKit isolated processes.



    FYI, educate yourself and read up on Charlie Miller and how he's been able to win PWN2OWN several years in a row based on what I've just outlined
  • Reply 12 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by bbwi View Post


    ...



    FYI, educate yourself and read up on Charlie Miller and how he's been able to win PWN2OWN several years in a row based on what I've just outlined



    In other words, you don't have a clue.
  • Reply 13 of 18
    talksense101 Posts: 1,738 member
    Quote:
    Originally Posted by Mr. Me View Post


    In other words, you don't have a clue.



    http://www.kb.cert.org/vuls/html/search



    I don't think one company is better than the other.



    Here is the list of security fixes and patches to Google chrome + the fact that you expose your location and browsing data to Google.



    http://googlechromereleases.blogspot.com/
  • Reply 14 of 18
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by talksense101 View Post


    http://www.kb.cert.org/vuls/html/search



    I don't think one company is better than the other.



    Here is the list of security fixes and patches to Google chrome + the fact that you expose your location and browsing data to Google.



    http://googlechromereleases.blogspot.com/



    You misrepresent your links.
  • Reply 15 of 18
    spoton Posts: 645 member
    Quote:
    Originally Posted by bbwi View Post


    Chrome is the most secure because it lives in a sandbox





    HOLY FRICKING CHRIST BATMAN!!!





    case closed. no further arguments.
  • Reply 16 of 18
    spoton Posts: 645 member
    Quote:
    Originally Posted by talksense101 View Post


    Here is the list of security fixes and patches to Google chrome + the fact that you expose your location and browsing data to Google.





    Yeah, Google has a reason for its browser's security, it comes at the cost of your privacy. What little we have.



    But then having Safari's "Google Fraudulent Web Site" enabled in preferences does the same thing or using WOT plugin or enabling the Check for Web forgeries/attack sites in Firefox preferences.



    Also using Google Search logs your search terms and IP address for later retrieval.



    IP location can be done by anyone very easily.



    Then of course all the web bugs, trackers, Flash cookies, java history and internal IP sniffing that people don't see when they surf.



    Not to mention the logs kept by the ISPs and kept for years and years. The NSA back rooms off the AT&T internet backbone...back doors in routers, printouts with coded light yellow colored dots...iPhone hacks...





    Privacy? there is NONE!





    How else can they know that 116,000 searches for ch*ld pR*n occur each day?



    Should be rather easy to find the sickos in the world and round them up.



    Or anti-government dissidents for that matter.



    Google "Do no evil" (But we provide the info to those who do. )
  • Reply 17 of 18
    groovetube Posts: 557 member
    hold the phone here. You mean to tell me, that some internet software, has security holes?



    O...M....GOD.
  • Reply 18 of 18
    I wish they would remove this damn load bar they put in or at least let me change the color. I swear everything loads now twice as slow.