About the security content of Safari 18.1 – Apple Support

October 29, 2024 at 02:42PM Apple released updates for Safari 18.1 on macOS Ventura and Sonoma on October 28, 2024, addressing multiple vulnerabilities (CVE-2024-44259, CVE-2024-44244, CVE-2024-44229, CVE-2024-44296). Issues included memory corruption and failures to enforce Content Security Policy, potentially causing process crashes when processing malicious web content. **Meeting Notes Takeaways:** **Release Information:** – **Apple ID:** …

Meet clickjacking’s slicker cousin, ‘gesture jacking,’ aka ‘cross window forgery’

April 3, 2024 at 02:42AM Clickjacking, an attack technique repurposing web page elements, poses ongoing challenges for browsers and developers. The latest variation, “cross window forgery,” leverages user gestures to execute attacks, with potential for account takeovers. Browser makers continue efforts to reduce risks, while experts recommend defensive measures, such as randomizing ID tag values …

About the security content of Safari 17.4 – Apple Support

March 7, 2024 at 02:15PM Summary: Multiple security issues (CVE-2024-23273, 23252, 23254, 23263, 23280, 23284) were addressed with improved state management, memory handling, UI handling, and validation in WebKit. These issues impact Safari Private Browsing and could result in unauthorized access to private tabs, denial-of-service, audio data exfiltration, and user fingerprinting. Updates are available for …

Mozilla decides Trusted Types is a worthy security feature

December 21, 2023 at 06:06AM Mozilla has revised its position to implement Trusted Types in its Firefox browser, aiming to decrease web attacks relying on injected code. This technology addresses DOM-XSS, reducing this common vulnerability. Still undergoing technical improvements, it’s expected to enhance web security when widely adopted. Tech giants like Google, Meta, and Microsoft …