Apple patches up Safari and rolls out extensions

When Jeremiah Grossman, CTO of WhiteHat Security, announced last week that he had found a security hole in the Safari browser, he certainly got Apple’s attention. The company has patched the vulnerability — along with 14 others in Safari 5.0.1 and 4.1.1 — just a day before Grossman was set to demonstrate the bug at the Black Hat Security Conference.

Then again, Grossman had been trying to get Apple’s attention in a more discreet way. He says he had reported the issue to Apple a month before his announcement but got only automated email replies for his efforts. The nonresponse made Grossman go public; apparently bad PR spurs more action than helpful hints.

[ Last week, security company Secunia announced that Internet Explorer was the least vulnerable browser over the past year. | Check out InfoWorld’s Web Browser Security Deep Dive. ]

It’s worth noting that the flaw Grossman found is not unique to Safari — it’s also present in Internet Explorer, Firefox, and Chrome — and of the 15 patches, it’s not even the most serious one (13 of the 15 are critical vulnerabilities that can be exploited via drive-by attack). But it is the flaw that Grossman spoke about the loudest, and well, squeaky wheels get the grease.

In less reactionary Safari news, Apple is also enabling browser extensions by default and has rolled out a gallery of more than 100 extensions, including, yes, some security add-ons. All the extensions are sandboxed as a security measure and are built using HTML5, CSS3, or JavaScript.

This article, “Apple patches up Safari and rolls out extensions” was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.