Apple Issues OS X Lion, Mitigates Security Flaws Associated with Safari

OS X Lion, the much-awaited operating system is finally available for download from the Mac Application store of Apple. Apple also updated Safari to 5.1.

Albuquerque, NM (prHWY.com) July 21, 2011 - Albuquerque, NM, United States - Developers face constant challenge of evolving new products, which enhance user experience as well as meet the relevant security standards. OS X Lion, the much-awaited operating system is finally available for download from the Mac Application store of Apple. The developer has announced plans to release a USB flash drive, containing Lion installer next month. Customers using Mac OS X 10.6.6 or later versions can update to the Lion Operating system. The latest version attempts to resolve the slow booting issues associated with the previous versions and provides the option to restore all applications on re-boot. Apple first introduced OS X Lion or OS X 10.7 last year. Researchers consider the multi-touch gestures as another notable improvement in OS X Lion. Apple also updated Safari to 5.1. The browser is bundled with OS X Lion and also runs on Snow Leopard. The latest update is applicable to Mac OS X 10.6.8 and later versions, Windows XP and Vista. For users of Mac OS X 10.5.8, Apple has updated Safari to 5.0.6. Both updates patch several security flaws, which may cause cross-site scripting attack, arbitrary code execution, application termination and information disclosure.

Most of the vulnerabilities are associated with WebKit. The update resolves several memory corruption issues, configuration, cross-origin, URL spoofing, canonicalization and DNS prefetching issues. Memory corruption issues result in application termination or arbitrary code execution on visiting a malicious website. The way WebKit uses libxslt resulted in a configuration that may cause creation of arbitrary files with user privileges on visiting a malicious website. The creation of such files may result in arbitrary code execution.

While cross-origin issue in the way WebKit manages Web Workers may cause information disclosure, similar issue associated with web-addresses with embedded user name may result in cross-site scripting. The update improves the way WebKit manages URLs to resolve a canonicalization issue that could cause information disclosure on subscribing to malicious RSS feeds. The update seeks applications to opt in for DNS prefetching, earlier enabled by default. The issue causes mail clients to connect to an arbitrary DNS server. The security update also addresses a spoofing issue that allows a malicious website to display different URL in the address bar. Usually, developers encourage security researchers to detect and report vulnerabilities in various software products. Developers are now following a responsible disclosure policy, which allows third-party developers to resolve discrepancies in their products and applications. Security certification programs and online university degree courses allow professionals to enhance their capabilities and technical know-how.

Cybercriminals may exploit the vulnerabilities through drive-by attacks. Users must update to the latest versions to safeguard their computer systems from malware downloads and maintaining integrity, confidentiality and availability of information. Universities are now offering online degree courses on cyber security, which facilitate home and corporate Internet users to gain insights on security fundamentals.

Organizations face the challenge of keeping track of security updates by various developers and their smooth implementation. Professionals qualified in masters of security science may help organizations in prioritizing the security updates and ensure smooth transition, without causing disruption to the normal business operations.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: lion installer, usb flash drive, apple, mac, application store, os x lion, safari, perating system, lion, cross site scripting

Categories: Internet

Link To This Press Release:

URL HTML Code