Search the Community
Showing results for tags 'safari'.
Found 3 results
Safari Cross-Domain Hijacking
Apple Patches WebKit Vulnerabilities in Safari
Aerosol posted a topic in Stiri securitateApple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine. Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said. “These issues were addressed through improved memory handling,” Apple said in its advisory. The advisory is sparse in other details on individual CVEs; Apple said that users visiting a website hosting an exploit could put the browser at risk to remote code execution or a crash. A separate WebKit vulnerability affects the user interface and could open the door to phishing attacks. “A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL,” Apple said. “This issue was addressed through improved user interface consistency checks.” This is the second set of Apple patches in the last 10 days. The company took care of the FREAK vulnerability in iOS along with another vulnerability that would allow a hacker to remotely restart a user’s phone via a SMS message. Apple iOS 8.2 also patched a vulnerability in the iCloud keychain function that was the result of several buffer overflows. Source
History of the browser user-agent stringAnd then Google built Chrome, and Chrome used Webkit, and it was like Safari, and wanted pages built for Safari, and so pretended to be Safari. And thus Chrome used WebKit, and pretended to be Safari, and WebKit pretended to be KHTML, and KHTML pretended to be Gecko, and all browsers pretended to be Mozilla, and Chrome called itself Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13, and the user agent string was a complete mess, and near useless, and everyone pretended to be everyone else, and confusion abounded. WebAIM: In the beginning there was NCSA Mosaic...