14 DAY TRIAL // Apple will attempt to stop hackers in their tracks with a Safari patch set to fix numerous WebKit vulnerabilities, according to security firm Vupen. The move was rather foreseeable with the Pwn2Own hacking contest mere days away.
A leading IT security research company providing vulnerability management and security intelligence solutions, France-based Vupen Security said Apple would be rolling out a patch to close up Safari’s holes after a similar patch was issued last week for iTunes.
The software vendor doesn’t specify whether this information is coming directly from Apple, or whether it is simply logical that Apple will do everything in its power to surround Safari with walls as hackers take aim at it with their know-how.
Apple’s latest iTunes 10.2 software update was specifically aimed at providing compatibility with the upcoming iOS 4.3, but it also patches roughly fifty exploits in WebKit, the page-rendering platform shared by both iTunes and the Safari web browser.
“Anti-pwn2own again: Apple fixed a record of 50 vuln. in Webkit (iTunes), and is preparing the update for Safari / Mac OS X…”, reads a recent tweet by Vupen Security.
In what will undoubtedly tickle Apple fans’ huge egos, the French security company also said “Upcoming Microsoft patch day before pwn2own will not fix any IE vuln! With or without a patch, MS knows that IE will be pwned!”
Browsers targeted in the Pwn2Own 2011 contest include Safari 5, Google Chrome, Microsoft’s Internet Explorer, and Mozilla Firefox.
Last year, the Pwn2Own contest saw three of the four browsers successfully compromised, including the mobile version of Safari running on iPhones, iPod touches, and on the iPad.
At Pwn2Own, the who’s who of hackers race to hack web browsers and mobile devices.
Each browser will be installed on a 64-bit machine running the latest version of either Mac OS X or Windows 7.
Laptop prizes include Sony Vaio running Windows 7; Alienware m11x running Windows 7; Apple MacBook Air 13" running Mac OS X Snow Leopard; Google CR-48 running ChromeOS.
The latter will not be used for hacking, but rather as a prize-only computer.