Apple Updates Safari for Improved SSL Authentication

← Back to Stories (view on slashdot.org)

Apple Updates Safari for Improved SSL Authentication

Posted by pudge on Thursday May 15, 2003 @08:48AM from the i-am-gonna-take-you-surfin-with-me dept.

An anonymous reader writes "Safari upate is available from Apple on Software Update. This updates to Safari 1.0 Beta 2 (v74)." Says Apple, "This update is recommended for all Safari users and improves how Safari validates the authenticity of websites that use SSL certificates."

6 of 61 comments (clear)

Min score:

Reason:

Sort:

Re:At least Apple is up on these things... by MikeXpop · 2003-05-15 08:56 · Score: 2, Informative

You obviously don't use XP. There are system updates every week, and a good chunk of them include security updates.

--
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
Faster than you know. by RalphBNumbers · 2003-05-15 09:15 · Score: 4, Informative

Check the creation date on the updated app. It was built a couple of days ago.

I'm guessing they just had to run it thru QA since then to make sure they didn't break something else by fixing this.

--
"The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
Re:At least Apple is up on these things... by sabNetwork · 2003-05-15 10:33 · Score: 5, Informative

Exactly. I use WinXP Pro, and these security updates are SCARY. The security holes which Apple patches are usually innocuous, minor bugs which would require significant effort to exploit. On the other hand, 75% of Microsoft's WinXP patches are described as "... allows attacker to gain control of computer, access to an administration account..."
What this update fixes by aberkvam · 2003-05-15 10:42 · Score: 5, Informative

One May 9, Secunia released an advisory entitled Apple Safari and Konqueror Embedded Common Name Verification Vulnerability. The summary is, "Apple Safari and Konqueror Embedded fails to validate the Common Name of a SSL certificate. This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website." They also add, "NOTE: This does not affect the ordinary version of Konqueror."
1. Re:What this update fixes by Phroggy · 2003-05-18 19:06 · Score: 2, Informative
  
  Is Safari a codefork or an interrelated project?
  
  Apple does contribute patches to KDE, but it's a fork. Apple's version (which does not use Qt) is called WebCore.
  
  --
  $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
  $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Perhaps there's something you're missing indeed... by RalphBNumbers · 2003-05-16 04:08 · Score: 3, Informative

In the appearance pane in prefrences uncheck "Display images when the page opens".
Volia, images will not loaded automatically, as you prefer. This has been there since before beta2 iirc.

I can't see how you're supposed to load them manually though...

--
"The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge