Apple Safari

SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]

Here's the latest episode in the popular "Chet Chat" series.

Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.

Monday review - the hot 22 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Apple updates Safari, gives better control over Java applets

Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.

It's supposed to give you finer-grained control over Java in your browser.

Paul Ducklin puts it through its paces...

Monday review - the hot 32 stories of the week

It's that time of the week again - here's your roundup of everything we wrote in the last seven days.

Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too

Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.

There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Find a new way of exploiting Chrome, IE, Java, etc. and you could win millions of dollars

Security researchers are gathering in Vancouver at the CanSecWest conference, in the hope of winning substantial cash prizes for finding exploitable vulnerabilities in the likes of Chrome, Internet Explorer and Java.

Apple (again) washes its hands of the Java mess

Apple's thrown in the towel on the Java mess and has, for the second time in two weeks, blocked all versions of Java on OS X 10.6 (Snow Leopard) and later.

Apple updates iOS fixing 27 vulnerabilities and TURKTRUST revocation

Apple has released updates for users of the iPod Touch, iPhone, iPad and Apple TV products that fix critical vulnerabilities. Apple users should update their devices to iOS 6.1 as soon as possible.

PWN2OWN - hack the Big Four browsers in public and go home with half a million dollars

Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.

But is it just about the money?

Paul Ducklin investigates...

Apple and Mozilla - 'Just say no to Java'

After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.

Turkish Certificate Authority screwup leads to attempted Google impersonation

Another Certificate Authority has been caught out having issued certificates that were being used to impersonate Google. Does the SSL padlock not mean we are safe anymore?

Judge approves $22.5M Google fine for violating Safari privacy

A U.S. federal judge in San Francisco gives the nod of approval, declaring that Google should pay a $22.5M USD fine for misleading consumers about the privacy protections offered to users of Apple's Safari web browser.

New security hole found in multiple Java versions

The same team of Polish researchers who discovered a critical security hole in Oracle’s Java software say that they uncovered another such hole, which could be used to bypass the secure application “sandbox” on most recent versions of Java.

Is Opera *really* the safest browser?

Opera, a relative minnow in the web browser market, is reckoned to be a more secure browser than the likes of Google Chrome, Mozilla Firefox and Internet Explorer - according to our online poll.

But maybe someone has influenced the vote?

Which web browser do you recommend? [POLL]

As browser makers beef up security in their products - which product do you recommend to friends who want to surf the web more safely?

Google staffs up 'Red Team' to protect the world from its privacy lapses

Is the job listing for a Data Privacy Engineer proof that Google's mending its privacy ways, or is the gesture as empty as the HTML form it used to slip past Safari's no-tracking controls?

Vote in our poll: is Google's fine of $22.5 million enough to buy privacy?

Google will cough up $22.5 million for putting sneaky code into its web pages, even after agreeing that it would get "comprehensive" about privacy.

But are financial sanctions enough?

Have your say in our poll...

Where are the Safari security updates for Windows and Snow Leopard? Users left exposed

Apple released Safari 6 as part of its new Mac operating system, OS X Mountain Lion, as well as a version for Lion that fixes a whopping 121 security vulnerabilities.

But what about Windows and Snow Leopard? It seems Apple is leaving users of them behind.