• On TV.com: CHUCK and Sarah - So Yesterday?
November 11, 2009 6:17 PM PST

Apple updates Safari for security

by Seth Rosenblatt
  • Font size
  • Print
  • 63 comments

Apple released a security update for its Safari Web browser on Wednesday. Available for Windows and Mac, Safari 4.0.4 plugs what sound like moderate to severe security holes. Unlike competitors Internet Explorer, Firefox, and Chrome, Apple doesn't rate the severity of its security fixes.

The security fixes address a wide range of problem points. On both Windows and Mac, parsing maliciously written XML content could have led to a browser crash, using shortcut menu options within a maliciously created Web site could have led to the disclosure of local information, and visiting a maliciously built Web site could have resulted in unexpected actions on other opened Web sites.

For Windows only, viewing a maliciously made image with an embedded color profile that could lead to a browser crash or running arbitrary code is no longer a threat, nor is accessing a maliciously crafted FTP server, which could have led to an unexpected crash, information disclosure, or arbitrary code execution. For Mac only, an exploit that could have allowed e-mail to remotely load audio and video content when loading a remote image has been disabled.

Although it's good practice to update a program whenever a security fix has been released, more transparency from Apple on the matter would pull the company up to competitors' standards.

Click here to read the full changelog for Safari 4.0.4.

Seth peers into the deep, dark corners of software so that you don't have to. He has yet to suffer a single nightmare about OS/2. You can follow him on Twitter.
Topics:

Browsers and extensions,

Mac Software,

Windows Software

Tags:

Apple,

Safari,

security

Share:
Digg
Del.icio.us
Reddit
Recent posts from The Download Blog
Log in with your face
See what's under McAfee's new interface
Tales2Go: Get on-demand audiobooks for children
Microsoft, Google split over browser bug bounty
Mozilla plans to drop Mac OS X 10.4 support
TweetDeck gets a few tweaks
Adobe promises faster Flash on Macs
Security software maker Vitamin D exits beta
Add a Comment (Log in or register) (63 Comments)
  • prev
  • next
by cbscowards November 11, 2009 6:52 PM PST
Ok, now everyone commenting on the Windows 7 security hole story can come here and reverse roles...
Reply to this comment
by Gold_Storm_Mac November 11, 2009 6:54 PM PST
so true? hit it right on the nail
by Lennron November 12, 2009 8:48 AM PST
That's how it always goes. This is the second story in a week where Apple updated security holes. Everyone had reversed roles before. Don't see why it'd be any different now.
by Seaspray0 November 12, 2009 10:14 AM PST
@Gold Storm Mac. I'm not commeting here either..... DOH!
by kojacked November 12, 2009 12:41 PM PST
LOL! See you Apple fanboys there's no need for all of the Microsoft hate. Get over yourselves. There are more important things in life than the brand of tech you use.
by fiman16 November 11, 2009 6:54 PM PST
this update broke safari for me. the top sites function no longer works
Reply to this comment
by Gold_Storm_Mac November 11, 2009 7:01 PM PST
weird
by Perry_Clease November 11, 2009 7:05 PM PST
MIne works, go to Safari preferences, in the Bookmarks pane, and make sure that Top Sites is enabled
by cnetguard November 11, 2009 8:34 PM PST
Assuming you are on a Mac: first, as Perry_Clease suggested, try toggling the Top Sites settings off and on again. <br /><br />If that doesn't work, quit Safari and locate these files: 'com.apple.Safari.plist' from your Library/Preferences folder, and 'TopSites.plist' from your Library/Safari folder. Restart Safari. If the problem got fixed, quit Safari again and replace the new 'com.apple.Safari.plist' file with the one you placed outside (so that you won't have to reconfigure everything). If after restarting Safari again the feature still isn't broken, the 'TopSites.plist' file was corrupted, so you must reconfigure that manually; if the feature broke again, discard the old 'com.apple.Safari.plist' because it got corrupted (unless you want to do surgery on a complex XML file) and reconfigure your preferences by hand. <br /><br />Fortunately preferences files very rarely get corrupted, but when they do you just need to identify them and move them away so that a new file with the default settings will be created automatically the next time you restart the application.
by shellcodes_coder November 12, 2009 1:06 AM PST
How can it break something that's already been broken and created by a broken company?
by Perry_Clease November 12, 2009 4:40 AM PST
"How can it break something that's already been broken and created by a broken company?"<br /><br />Be a pretend shellcode coder
by jtfan2004 November 11, 2009 6:58 PM PST
What? Apple doesn't rate their severity? Gee, I wonder why that is. Couldn't be so as to make it seem like Apple never has problems, could it?<br /><br />Now I'm bummed. Here I was, thinking of buying a Mac, thinking that Apple was the Second Coming with their perfection, and now this. /sarcasm.
Reply to this comment
by lkrupp November 11, 2009 7:10 PM PST
And yet I don't run any security software and you have to in order to even exist on the internet.
by chessdude November 11, 2009 8:19 PM PST
@krupp<br /><br />you do know that snow kitten comes with an anti-virus/malware built-in by apple<br /><br />and i agree that it's terrible that apple doesn't grade the severity of their bugs/holes and as a consumer i wouldn't to be trapped inside apple's walled garden until it becomes a prison instead of a paradise<br /><br />microsoft, mozilla, google, and opera are all transparent, why not apple
by exactlyy November 12, 2009 12:10 AM PST
@ lkrupp<br />i dont have to run any security software, even the built in firewall is disabled and my PC is online 24/7.<br />so unless you are a complete retard who opens attachments from people you dont know and trust or downloading a movie or a picture with .exe then your PC is secure .. but if thats what you're being told by apple beside the magical notebook that somehow goes to sleep when you close the Led.. then i see where your coming come .
by ckh1272 November 12, 2009 2:52 AM PST
@exactlyy--Riiiight and you call macheads "tards" for thinking they are impervious.
by exactlyy November 12, 2009 8:50 AM PST
by ckh1272 November 12, 2009 2:52 AM PST<br />@exactlyy--Riiiight and you call macheads "tards" for thinking they are impervious.<br /><br />noone in the world is impervious and no OS is fully impervious , my point was if you know what you are doing on your PC or Mac and if you dont download cracks,hacks...etc or images.exe then i belive you are safe unless some really good hacker wants to hack your machine then nothing can stop him . <br />i just wanted to say to Mac fanboys who belive that on PC you cant get online unless you install antiviruse, antispyware and a firewall like zone alarm . they are mistaken and they are spreading lies .. and again i been using windows 7 for almost 10 months , and i have no security software what so ever..and befor i used windows XP from 2003 till March 2009 . i installed NIS for 2 days in 2003 and never tried any antiviruse after that ..never got a viruse .
by shellcodes_coder November 11, 2009 9:37 PM PST
Am sure those millions of users who were forced to download Crapari via Crapple update will also be forced to automatically download this update. If there was an open source alternative to iTunes then am sure they would have copied and pasted it in their iTunes to make it secure because they can't write secure code just like they did with UNIX for crap os x!! hahahahaaaaaaaaaaa
Reply to this comment
by ckh1272 November 11, 2009 11:01 PM PST
So uncheck the box and update when you feel like it and shut up already. Oh, and there is an open source alternative to iTunes. It's called Songbird and works pretty well, but you wouldn't know anything about that. hahahahaaaaaaaaaaaaa.
by Perry_Clease November 12, 2009 4:40 AM PST
"So uncheck the box and update when you feel like it and shut up already. "<br /><br />He is a troll
by shellcodes_coder November 11, 2009 9:39 PM PST
Why do people use this ugly bloated piece of crap from Crapple? even IE is better and more secure than Crapari
Reply to this comment
by Lennron November 12, 2009 8:51 AM PST
I used to say that Safari works alright as long as it's on a Mac. Here lately, my Mac-fanboy friends have started using alternate browsers, so now I'm starting to think it doesn't even work well on Macs!
by rapier1 November 12, 2009 1:11 PM PST
So I'm not a fan of Safari on the Mac by any stretch of the imagination. It's an absolute beast when it comes to memory usage and loves to suck up cycles. It's a shame because its an alright browser - it just fails in a few, relatively important, ways.
by Motyoj November 12, 2009 1:55 PM PST
Maybe it's time to wipe the hard drive again. Has it been six months yet?
by exactlyy November 12, 2009 4:08 PM PST
@ Motyoj - Maybe it's time to wipe the hard drive again. Has it been six months yet?<br />Like this . <br />with windows you do it when you feel like it. <br />with Mac , $teve Job$ takes care of the process and ereases your data for you .. Pwange !!
by exactlyy November 11, 2009 10:48 PM PST
wow. seems like snow leopard got more holes than a w-h-o-r-e .
Reply to this comment
by shellcodes_coder November 12, 2009 1:07 AM PST
agreed and thousands of more to go!!
by ckh1272 November 12, 2009 1:18 AM PST
Seems like you, once again, have no idea what you are talking. All software needs updates at one time or another, whether it is Microsoft, Apple, Adobe, or anyone else who makes software. Is that so hard for some of you people to understand? I guess so because you keep on making the same ignorant comments.
by exactlyy November 12, 2009 1:58 AM PST
@ ckh1272 <br />yes every software needs updates .. but for a fresh OS which supposed to be the most secure OS around.. and which does work like the tards in the ads say while keep on moving their hands like clowns to show how much they're exited .. its just not right and cant be accepted .. cause this means the people who used SL the past 2 months were at risk , and maybe their privacy,password, credit card and social security numbers have been compromised and yet apple wouldnt even say what they have fixed and how sever the threats were . <br />the only bright side i see is that apple has released 3 updates for SL so far - if i am not mistaken- with about 700 MB of holes fixes .. and they didnt force you to pay like they used to do ..thats good for them ..and for more transparency i'd suggest that they change the name of this full of holes SL to S-lo-t Leopard .
by ckh1272 November 12, 2009 2:46 AM PST
@exactlyy--"and they didnt force you to pay like they used to do"?? You are about as delusional as ole' shelly. Quit buy into the ad hype already. Do you buy into everything you see in ads?? I sure as hell don't. Never paid for incremental updates and never will. Just because you don't understand the difference, doesn't make it so. Also, maybe you should look up why the update sizes are the way they are. You might learn something for once, as opposed to making assumptions. Until then, stop replying to things you know little or nothing about because the only one truly full of holes is you apparently.
by ckh1272 November 12, 2009 2:50 AM PST
@exactlyy--Oh referencing SL as a service pack contradicts your "fresh OS statement". SL is about as much of a service pack as Win 7 and yes I do use both. They both have their plus and minuses. Point being that I can see around the bias comments by the macheads and winheads. Maybe you should try to do the same. I'm probably asking too much though.
by exactlyy November 12, 2009 6:41 AM PST
@ Chk1272 <br />what's wrongt with you dude ? really , where did i say snow leopard is a service pack ?? <br />i said SL which means snow leopard :S and i said a fresh OS , i never said it was a complete BS and thats not the reason i am attacking it.. the only reason is because its overpriced and the way steve jobs believes that customers dont know what they want untill he shows it to them ! i'd rather not take whatever steve wants me to take..insted i build my PC and install windows 7 , SL and ubuntu ..thats what i want and i know excatly what i want , but do you really know what you want or as steve said ? u need someone else to show you what they think is better for you ??
by Lennron November 12, 2009 12:29 PM PST
@ exactlyy and ckh1272 <br /> <br />Not trying to start a fight here, but I can't help but notice multiple instances where you to argue on these posts. Are you actually friends in real life just having fun? Because if so, I want in!
by TJwithAsadIQ November 12, 2009 3:56 PM PST
While I haven't done an exhaustive survey, all "w-h-o-r-e"s have the same number of holes. Of course, since you are a &lt;insert apple hater description here&gt;, you have no idea what a woman's anatomy is like.
by Lennron November 12, 2009 4:36 PM PST
@TJwithAsadIQ <br /> <br />HAHAHA!! So women only "show their anatomy" to people who don't hate Apple? You sound like the average Mac commercial writer. "Love Apple or women won't show your their anatomy!" There's about as much truth to that as every other Mac commercial I've seen.
by ckh1272 November 12, 2009 6:09 PM PST
"he only bright side i see is that apple has released 3 updates for SL so far - if i am not mistaken- with about 700 MB of holes fixes .. and they didnt force you to pay like they used to do ..thats good for them ..and for more transparency i'd suggest that they change the name of this full of holes SL to S-lo-t Leopard ."<br /><br />@exactlyy--That is your quote. You flat out imply that the SL upgrade was a service pack. Done with your BS, as I have nothing else to prove to you.
See more comment replies
by itster November 12, 2009 6:04 AM PST
I can't believe windows 7 is referred to as a service pack... If any of you Apple fanboys even did a little research you would know that MS has released a new os every 2-3 years and xp was an exception to that rule. <br /> <br />@exactlyy hit it on the head. I am an IT tech and run my own side business and i can't tell you how many people get so terrified when their system has been compromised in one way or another. Apple is a very shady company and i have been fully against their practices since day 1. That company should be investigated for their practices in the market place and wouldn't be surprised if they had to pay billions in fines. <br /> <br />How dare a company not inform the public as to why they need to fix the OS running on a pc they paid thousands for? A PC that holds all of their personal information? Having misleading ads and misleading the public? <br /> <br />Apple is a pathetic company and if it wasnt for Bill Gates greed, that company would not exist at all. <br /> <br />Thank you Bill for investion 150 mil and providing office products for a criminal company in the mid 90's
Reply to this comment
by ckh1272 November 12, 2009 11:22 PM PST
And Microsoft wouldn't know anything about criminal activity, now would they? Welcome to corporate America. Also, read this before making assumptions on Microsoft's "investment" in Apple in 1997:<br />http://news.cnet.com/2100-1001-202143.html
by missionmom1 November 12, 2009 6:17 AM PST
so...what exactly is a complete retard? could you be any more offensive? using the word retard is a slur and it dehumanizes people with special needs. Plus, it makes you look like a total tool and no one will take your comment seriously.
Reply to this comment
by jalessary November 12, 2009 10:57 AM PST
retard
by cloudmatt November 12, 2009 6:58 AM PST
"Unlike competitors Internet Explorer, Firefox, and Chrome, Apple doesn't rate the severity of its security fixes. "<br /><br />Security fixes? apple doesn't have security problems just "Features". Why would mac even need security they are "virus free" and "unhackable" right? (if you can't see the dripping sarcasm I might just take a sledge to an i-mac I got laying around)<br /><br />everything has holes some are bigger than others. At least MS tells you when it's a real goof, how many "minor fixes" were caps to giant security holes? That's like saying Jobs liver failure was just a tummy ache and the guy that died because he didn't get the liver was a feature of Jobs surgery.<br /><br />This is where the Mac Fanatics come from apple gives them a polished spun story on "minor issues" with osx then turn around and give wild eyed Rush Limbaugh style speculation at everything not mac. I don't ask Mac users to abandon a very nice operating system, I don't stand at the mountain top calling windows infallible(I love windows and I still think they could do better). I just wish the Apple kool-aid drinkers could step back and gain a little perspective, Your system = good, My system = good and Both our systems &lt; Perfect
Reply to this comment
by itster November 12, 2009 7:15 AM PST
The funny thing is that the Mac fanatics talk about the iphone number and that proves greatness, but when you point out MS owning 90% of the market in the OS department, mac fanboys respond "that's because owning a mac is like owning a ferrari". Yet they compare it to a device as amazing as (for example) the htc touch pro 2 that runs windows mobile. Imagine i can actually use the touch pro 2 as a wifi unit if i run into issues with network drives on a pc im working on. That's just 1 incredible feature out of a slew of features on a windows mobile device. <br /> <br />But i do disagree with windows being good and sl being good also. any apple os has been very poor to say the least from day 1. unix is their main issue simply because unix is swiss cheese out of the box and has tons of holes to patch.
by exactlyy November 12, 2009 9:26 AM PST
@ cloudmatt <br />and people wonder why the only point that most of windows and ubuntu users agree on is that most of the MAC OS users are stupid,brainwashed and just know nothing other than the lies they are being told by $teve Job$ about how safe, cool and smart they are .<br />Mac unhackable ?? have you ever heard about "The PWN2OWN contest" ? and the winner of that contest "Charlie Miller" ? who hacked into OS X in less than 2 minutes in March 2008. <br />and he did it again with Snow Leopard in March 2009 but this time in less than 10 seconds and in the same contest "Pwn2Own CamSecWest hacking competition."<br />the guy who can hack into Mac within 10 seconds indicated that the security Apple built into Snow Leopard is inferior not only to Windows 7, but also to Windows Vista, a three-year old operating system . <br />so please befor you open your mouth and tell us how safe and secure OS X is and make a fool of yourself just search and read as much as you can .. and here are some links to get you started . <br />http://news.softpedia.com/news/Windows-7-Bests-Snow-Leopard-Says-Mac-Hacker-121895.shtml<br />http://www.macworld.com/article/133098/2008/04/hack.html
by cloudmatt November 12, 2009 10:29 AM PST
@exactlyy<br /><br />dude, hold up, did you read my post? where did i give you the impression I'm a mac guy. "" means sarcasm like calling George W. "Educated". and I really don't see how you could call me a mac fan when I compared Jobs with an Organ harvesting murder. I know mac are hackable and insecure, to a factor of 2X more known hacks than windows vista. and i was sure, dead sure that comparing mac portrayal of other os's to a racist close-minded bigot would have left no doubt as to my point.<br /><br />congrats you have managed to limbo under my expectations which were already in the basement<br /><br />*grabs the sledge* you have doomed this poor i-Mac to death by sledge i hope your happy
by exactlyy November 12, 2009 11:44 AM PST
OMG , i am so sorry dude , i belive NOW is the time for me to stop smoking rothmans :D
by cloudmatt November 12, 2009 12:41 PM PST
no prob. I enjoyed bashing that stupid little first gen i-Mac.
by Vegaman_Dan November 12, 2009 8:23 AM PST
I don't use Safari on any OS except the iPhone/Touch and only there because Apple refuses to let anyone else build a better browser (There are several better ones for mobile use that could be adapted). <br /> <br />Each OS has its issues and it's good to have updates released. Yes, Apple could do more to improve their public image by being a bit more open, but that's simply not going to happen, so accept it and move on.
Reply to this comment
by Lennron November 12, 2009 9:07 AM PST
"Each OS has its issues and it's good to have updates released." <br /> <br />WRONG!!! Haven't you ever seen a Mac commercial?? Macs are flawless. End of story. You dumb dummy. <br />They only put out these "security updates" because they have nothing better to do with their perfect software. <br />The problems people experience with their Macs are somehow caused by Microsoft, Barak Obama, and Aliens that live in spaceships in orbit around Earth. Don't you know anything Vegaman_Dan?? If that is, in fact, your real name!
by Seaspray0 November 12, 2009 10:44 AM PST
@Lennron. I might get killed for this, but.... It's not his real name. If you knew his real name, it would only confirm that your paranoia was truely valid.
by Vegaman_Dan November 12, 2009 12:12 PM PST
NO! I will not reveal my true origins from Planet Orion-12! None shall know my secret- oh, drat, I just spilled the beans, didn't I? <br /> <br />Oh well, at least I didn't tell you about our plans to take over the Earth through the use of iPhones. <br /> <br />DRAT!
by Lennron November 12, 2009 12:12 PM PST
CRAP!!! I knew I should have worn my foil hat today! I hope Lord Jobs will save me.
by sacapiloa November 12, 2009 9:41 AM PST
dont u people get tired of the SAME discussion every single article? <br /><br />i propose a commenter ranking system to combat this. let us banish the fanboys to low-ranking-ridicule! are u listening cnet??
Reply to this comment
by itster November 12, 2009 9:50 AM PST
that would be great, it would kick the macboys right off. these fanboys are so dillusional they refuse to admit to issues. it's like they're from another planet. <br /> <br />in all seriousness, these matters should be discussed over and over again because it has to be known and this information has to spread because of the consumer being mislead by those crazy commercials. plus it's not always the same readers on every article so repeating is not a bad thing
by exactlyy November 12, 2009 10:30 AM PST
i agree with itster and we have a saying " if there is a way to teach a donkey ,that w'd be by repeating. "
by Seaspray0 November 12, 2009 10:48 AM PST
"repeating is not a bad thing" a bad thing... a bad thing... a bad thing... a bad thing... a bad thing... a bad thing... <br /> <br />What was repeating again?
by ckh1272 November 12, 2009 11:28 PM PST
Once again people, it is a two street of Mac fans and Wndows fans having a pissing contest. It's all silly and petty if you ask me and as of right now I am done with posting to this constant drivel of a site (not the CNET articles but the "comments" section). It is pointless to argue with brick walls on both sides, plain and simple. Good luck everyone with whatever you use.
by ckh1272 November 13, 2009 3:36 AM PST
"by ckh1272 November 12, 2009 11:28 PM PST<br />Once again people, it is a two street of Mac fans and Wndows fans having a pissing contest. It's all silly and petty if you ask me and as of right now I am done with posting to this constant drivel of a site (not the CNET articles but the "comments" section). It is pointless to argue with brick walls on both sides, plain and simple. Good luck everyone with whatever you use."<br /><br />Oops!! I meant to say "two WAY street". Sorry, I was not going to go away with bad grammar on my last post. Adios!
by ckh1272 November 13, 2009 3:38 AM PST
"by ckh1272 November 12, 2009 11:28 PM PST<br />Once again people, it is a two street of Mac fans and Wndows fans having a pissing contest. It's all silly and petty if you ask me and as of right now I am done with posting to this constant drivel of a site (not the CNET articles but the "comments" section). It is pointless to argue with brick walls on both sides, plain and simple. Good luck everyone with whatever you use."<br /><br />"two WAY street". Oops.
by andeyejah November 12, 2009 10:59 AM PST
i use firefox only use safari if i really need to on my mac it's in a league with internet exploer in my book!
Reply to this comment
by cp256 November 12, 2009 11:14 AM PST
"Moderate to severe security holes" in an Apple product? Either it is just complete BS or the world is coming to an end in 2010 and not 2012!<br /><br />Firefox all the way!
Reply to this comment
by itster November 12, 2009 1:36 PM PST
what's wrong with IE? it's the fastest and most secure browser on the market.. i guess you believe in the ad on their site "IE is so 80's" riiiiiiiiiiiiiiiiiiiiiiiiiiiiiight <br /> <br />i wont use internet explorer because of that
Reply to this comment
by bousozoku November 13, 2009 12:50 AM PST
All I can say is that I'm surprised that Apple is actually getting to Safari problems *relatively* quickly. Prior to version 4, they let the problems languish until they became news and then, they took a lot of time to fix them.<br /><br />Of course, with Google using WebKit also, they've probably been finding more problems with the code and the fixes go between the two companies.
Reply to this comment
(63 Comments)
  • prev
  • next

Search Download Blog posts

advertisement

About The Download Blog

Download.com editors cover the world of downloadable software and beyond.

Add this feed to your online news reader

The Download Blog topics

download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
CNET Widgets
Customer Help Center
RSS
CNET API
About CNET