Apple has released a new version of its Safari web browser, featuring a couple security fixes including one that earned one security researcher 10,000 U.S. dollars at the CanSecWest security conference.
The flaw was widely publicized after being exploited by Independent Security Evaluators Researcher Charlie Miller to gain access to a MacBook Air computer three weeks ago.
The bug lay in the way WebKit would process certain specially crafted JavaScript commands. In order to exploit the flaw, Miller had to first make the contest organizers visit a special Web site that contained his malicious JavaScript code.
In total, four security bugs have been fixed by Apple. The update is available for both Mac and PC at about 39MB. It is highly recommended for all Safari users to ensure the security of their systems.
There was one other winner in the CanSecWest contest, which invited hackers to try to break into Windows, Mac and Linux computers. Shane Macaulay, a researcher with the Security Objectives consultancy, hacked into a Vista machine using an Adobe Flash Player bug, which was patched last week.
Source:Xinhua/Agencies Author:china business Time:2008-05-24 From:china daily
