Apple Releases Os X Lion, Resolves Security Issues Associated With Safari

By Author: eccuni
Total Articles: 211
Comment this article

Developers face constant challenge of evolving new products, which enhance user experience as well as meet the relevant security standards. OS X Lion, the much-awaited operating system is finally available for download from the Mac Application store of Apple. The developer has announced plans to release a USB flash drive, containing Lion installer next month. Customers using Mac OS X 10.6.6 or later versions can update to the Lion Operating system. The latest version attempts to resolve the slow booting issues associated with the previous versions and provides the option to restore all applications on re-boot. Apple first introduced OS X Lion or OS X 10.7 last year. Researchers consider the multi-touch gestures as another notable improvement in OS X Lion. Apple also updated Safari to 5.1. The browser is bundled with OS X Lion and also runs on Snow Leopard. The latest update is applicable to Mac OS X 10.6.8 and later versions, Windows XP and Vista. For users of Mac OS X 10.5.8, Apple has updated Safari to 5.0.6. Both updates patch several security flaws, which may cause cross-site scripting attack, arbitrary code execution, ...
... application termination and information disclosure.

Most of the vulnerabilities are associated with WebKit. The update resolves several memory corruption issues, configuration, cross-origin, URL spoofing, canonicalization and DNS prefetching issues. Memory corruption issues result in application termination or arbitrary code execution on visiting a malicious website. The way WebKit uses libxslt resulted in a configuration that may cause creation of arbitrary files with user privileges on visiting a malicious website. The creation of such files may result in arbitrary code execution.

While cross-origin issue in the way WebKit manages Web Workers may cause information disclosure, similar issue associated with web-addresses with embedded user name may result in cross-site scripting. The update improves the way WebKit manages URLs to resolve a canonicalization issue that could cause information disclosure on subscribing to malicious RSS feeds. The update seeks applications to opt in for DNS prefetching, earlier enabled by default. The issue causes mail clients to connect to an arbitrary DNS server. The security update also addresses a spoofing issue that allows a malicious website to display different URL in the address bar. Usually, developers encourage security researchers to detect and report vulnerabilities in various software products. Developers are now following a responsible disclosure policy, which allows third-party developers to resolve discrepancies in their products and applications. Security certification programs and online university degree courses allow professionals to enhance their capabilities and technical know-how.

Cybercriminals may exploit the vulnerabilities through drive-by attacks. Users must update to the latest versions to safeguard their computer systems from malware downloads and maintaining integrity, confidentiality and availability of information. Universities are now offering online degree courses on cyber security, which facilitate home and corporate Internet users to gain insights on security fundamentals.

Organizations face the challenge of keeping track of security updates by various developers and their smooth implementation. Professionals qualified in masters of security science may help organizations in prioritizing the security updates and ensure smooth transition, without causing disruption to the normal business operations.