Apple Updates Safari for Improved SSL Authentication
An anonymous reader writes "Safari update is available from Apple on Software Update. This updates to Safari 1.0 Beta 2 (v74)." Says Apple, "This update is recommended for all Safari users and improves how Safari validates the authenticity of websites that use SSL certificates."
Exactly. I use WinXP Pro, and these security updates are SCARY. The security holes which Apple patches are usually innocuous, minor bugs which would require significant effort to exploit. On the other hand, 75% of Microsoft's WinXP patches are described as "... allows attacker to gain control of computer, access to an administration account..."
On May 9, Secunia released an advisory entitled Apple Safari and Konqueror Embedded Common Name Verification Vulnerability. The summary is, "Apple Safari and Konqueror Embedded fails to validate the Common Name of a SSL certificate. This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website." They also add, "NOTE: This does not affect the ordinary version of Konqueror."
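The name check that the advisory describes as missing, as an added example (not part of the comment above, and not Safari's or Konqueror's code): a certificate can chain to a trusted CA and still belong to a different site, so the client must also compare the name in the certificate with the host it asked for. The function names are hypothetical, the certificate dictionaries are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the example goes slightly beyond the Common Name by preferring `subjectAltName` DNS entries when present.

```python
def presented_names(cert):
    """DNS names a certificate claims: subjectAltName entries, else the Common Name."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it,
        # so "*.com" never matches and "*.example.com" does not cover "a.b.example.com".
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def certificate_matches_host(cert, host):
    """True only if some name in the (already chain-validated) certificate covers host."""
    return any(name_matches(name, host) for name in presented_names(cert))


# Constructed sample certificates (illustrative names only).
CERT_FOR_BANK = {"subject": ((("commonName", "www.bank.example"),),)}
CERT_FOR_OTHER_SITE = {"subject": ((("commonName", "www.other-site.example"),),)}
CERT_WILDCARD = {
    "subject": ((("commonName", "ignored.example"),),),
    "subjectAltName": (("DNS", "*.shop.example"),),
}

if __name__ == "__main__":
    for cert in (CERT_FOR_BANK, CERT_FOR_OTHER_SITE):
        print(presented_names(cert), certificate_matches_host(cert, "www.bank.example"))
```

A client that skips `certificate_matches_host` accepts `CERT_FOR_OTHER_SITE` for `www.bank.example`, which is the spoofing condition the advisory summarises.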