Security of The Safari Browser

Apple operating systems have always been regarded as more secure than the popular Microsoft brand. The Mac OS X is now their flagship system and endures far fewer hacking attempts and malware attacks than Windows. Even though Apple is devoted to designing their systems with sound security, the same can't be said for their Safari browser.

Safari and Phishing

In the eyes of PayPal, the Safari browser is suffering tremendously in the way of security, warning that the lack of two critical anti-phishing features could lead users directly into an online scam. Safari lacks the phishing filter used in browsers like Internet Explorer to warn users when they are visiting fraudulent websites. Some browsers give warnings in the form of a message while others identify legitimate sites with a color coding technology called EV (Extended Validation) certificates; Safari does neither. Currently, the strongest Safari offers in terms of security is SSL encryption to protect internet communications.

EV certificates are an emerging technology supported in Internet Explorer version 7.0., a security mechanism that has been used on the PayPal website for over a year. When IE 7 takes a user to the official website, their browser address bar turns green, indicating that the site is legitimate. It's been reported that upcoming versions of Firefox and Opera will support this technology as well.

PayPal representative Michael Barrett says that according their data, the EV certificates have had a tremendous impact on the decline in successful phishing scams. He states that users of Internet Explorer 7 are more likely to sign onto the PayPal site than those who aren't equipped with adequate security, primarily because they are more confident in its legitimacy. Barrett goes on to say that users have been more willing to proceed with the PayPal login process over the past year. PayPal bases this on what they call abandonment rates, a number that is reported to be considerably lower for Internet Explorer 7 users.

The Safari browser is currently the default browser for Apple's Macintosh and other products, such as the iPhone. It is also available for PC users. With the lack of anti-phishing technology, representatives at PayPal and other security professionals have suggested the use of alternative browsers. Firefox and Opera both run on Macintosh systems and are far more secure at this point.

More Recent Vulnerabilities

Apple recently released security patches for the Safari browser this past May. These fixes were distributed to mend vulnerabilities that could be easily exploited to execute arbitrary code or launch cross-site scripting attacks when a user accesses a malicious site. The source of the problem results from an open-source HTML rendering engine known as WebKit, a tool used by the Safari browser. This vulnerability can enable cross-scripting when tampered URLs have been opened. These patches were also distributed for an integer overflow error that could enable attackers to cause buffer overflows. Apple applied patches to their Macintosh systems, which were affected to a lesser degree, while securing Windows versions with four separate patches, as they were hit the hardest.


Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.