Free Republic

Researchers: Apple to patch Safari before Pwn2Own
MacWorld ^ | Mar 4, 2011 5:05 AM | by Gregg Keizer

Posted on 03/04/2011 10:51:35 PM PST by Swordmaker

Apple will patch its Safari browser before the Pwn2Own hacking contest kicks off next week, security researchers hinted Thursday.

If accurate, Apple will join both Google and Mozilla, which earlier this week issued security updates for Chrome and Firefox as preparation for Pwn2Own.

On Wednesday, Apple patched a record 57 vulnerabilities in its iTunes music software; 50 of those bugs were attributed to WebKit, the open-source browser engine that Safari’s built on. iTunes relies on WebKit to render its online store component.

“Anti-pwn2own again: Apple fixed a record of 50 vuln[erabilities] in WebKit (iTunes), and is preparing the update for Safari/Mac OS X,” said French security firm Vupen in a message on its Twitter account.

Vupen’s mention of Pwn2Own refers to the annual hacking contest held at the CanSecWest security conference in Vancouver, British Columbia. This year's Pwn2Own runs March 9-11.

At Pwn2Own, security researchers will compete for $65,000 in prizes by trying to take down the most up-to-date editions of Safari 5, Google's Chrome 9, Microsoft's Internet Explorer 8 and Mozilla's Firefox 3.6.

It’s not unusual for Apple to patch WebKit flaws in one application before it rolls out those same fixes for another. In the past, however, it’s usually patched WebKit vulnerabilities in Safari before addressing them in iTunes.

Other clues to an upcoming Safari update came from HP TippingPoint—coincidentally the sponsor of Pwn2Own—which issued advisories on two WebKit bugs patched in iTunes Wednesday. The bugs were originally reported to TippingPoint’s Zero Day Initiative (ZDI) bug bounty program; ZDI passed the reports to Apple last October.

Both the advisories said that attackers could exploit the bugs to “execute arbitrary code on vulnerable installations of Apple ... WebKit” and that the vulnerabilities could be triggered using “drive-by” tactics that only require a victim to visit a malicious Web site.

Another hint that Safari will be patched soon came from the iTunes advisory posted by Apple on Wednesday. None of the 50 WebKit bugs listed in the advisory were accompanied by the usual terse Apple description; instead, Apple only noted the CVE (Common Vulnerabilities and Exposures) identifying number and the researcher(s) who first reported the flaw.

More than 30 of the 50 WebKit vulnerabilities were credited to Google researchers and developers. Google’s Chrome, like Safari, is built on the WebKit engine.

If Apple patches Safari, it will be the third browser to update this week.

Google patched 19 bugs in Chrome on Monday, and Mozilla followed that on Tuesday with an 11-patch update to Firefox.

Last year, only Apple and Google updated their browsers just before Pwn2Own. Mozilla acknowledged a critical vulnerability in Firefox less than a week before 2010’s contest, but said it wouldn’t fix the flaw in time for the challenge. Pwn2Own organizers later ruled that Firefox vulnerability off limits.

Assuming Apple updates Safari, of the four Pwn2Own-targeted browsers, only Internet Explorer (IE) will remain unpatched in the days leading up to the contest. Microsoft last issued fixes for IE flaws on Feb. 8 as part of its monthly Patch Tuesday.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; patch; update

1 posted on 03/04/2011 10:51:39 PM PST by Swordmaker

To: Swordmaker

You're really milking this.


2 posted on 03/04/2011 10:53:24 PM PST by allmost

Comment #3 Removed by Moderator

To: allmost
You're really milking this.

I maintain the Ping list. Give it a rest. I'm doing what I've been asked to do by 500 of your fellow Freepers. Jim Robinson has approved this, so quit complaining. You are outnumbered 500 to one... Plus the owner of this forum. You are out of line. You are not the FreeRepublic police.

4 posted on 03/04/2011 10:59:18 PM PST by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: ~Kim4VRWC's~; 1234; 50mm; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
Apple to update Safari 5 before Pwn2Own contest next week—PING!

Please, No Flame Wars!
Discuss technical issues, software, and hardware.
Don't attack people!

Don't respond to the Anti-Apple Thread Trolls!
 PLEASE IGNORE THEM!!!

 


Apple at pwn2own 2011 Ping!

If you want on or off the Mac Ping List, Freepmail me.

5 posted on 03/04/2011 11:02:06 PM PST by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: Swordmaker

Yep.


6 posted on 03/04/2011 11:02:58 PM PST by allmost

To: allmost

If you don’t like Apple threads, read something else.


7 posted on 03/04/2011 11:07:09 PM PST by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: Swordmaker

Admin.


8 posted on 03/04/2011 11:27:42 PM PST by allmost

To: Swordmaker

Thanks for the ping. Update complete. Thanks.


9 posted on 03/04/2011 11:27:48 PM PST by PA Engineer (Liberate America from the occupation media. There are Wars and Rumors of War.)

Comment #10 Removed by Moderator

To: WVKayaker

The goracle seems so tempting to you.


11 posted on 03/05/2011 12:05:30 AM PST by allmost

To: WVKayaker

Do you have an actual point?


12 posted on 03/05/2011 1:16:00 AM PST by allmost

Comment #13 Removed by Moderator

To: dayglored

Mac heads and AGW. All wrong in one spot.


14 posted on 03/05/2011 2:18:51 AM PST by allmost

To: dayglored
The contests are basically meaningless.

But apparently not meaningless to Apple (this year, anyway).

15 posted on 03/05/2011 2:19:15 AM PST by Leroy S. Mort

To: dayglored

Used to be free BSD, Apple stole it. Now it’s a Mac. Is that better? :)


16 posted on 03/05/2011 2:34:58 AM PST by allmost

To: allmost

How can you steal something that’s free?


17 posted on 03/05/2011 2:43:47 AM PST by Fresh Wind (TOTUS knows how to give a speech. Obama knows how to read.)

To: Fresh Wind

How can you charge for something free? Ask Al Gore. Next OS due in 5 months....


18 posted on 03/05/2011 2:48:02 AM PST by allmost

Comment #19 Removed by Moderator

To: Swordmaker
Does this explain why I just updated Firefox to 3.6.15 and Google Chrome did a "quiet" update to 9.0.597.107?
20 posted on 03/05/2011 4:36:46 AM PST by RayChuang88 (FairTax: America's economic cure)

