Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Is Apple Safari 4.x truly a security threat?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Apple
And, this specific program:
Apple Safari 4.x

This thread has been marked as locked.
Yifter23 Is Apple Safari 4.x truly a security threat?
Member 12th Jun, 2009 00:40
Ranking: 0
Posts: 1
User Since: 4th Apr, 2009
System Score: N/A
Location: N/A
My Secunia PSI Security software on my laptop, just warned me that Apple Safari 4.x is a level 4 security threat. When I clicked on the "solution" button, I was presented with the option to "run" or "save" a presumably, more recent version of Apple Safari. Believing Apple to be the great company that it is, I "ran" the new Safari and installed it... thus replacing the old version of Safari that I had on my system.

What's the deal with Apple Safari supposedly being a "security threat?" Is Secunia PSI just off base? I'm completely confused. Apple is one of the most reliable and stand up computer companies in the world... I think. Can someone a bit smarter than me explain this confusing claim from my Secunia PSI softwar to me?

Thanks mates!
Mao

Maurice Joyce RE: Is Apple Safari 4.x truly a security threat?
Handling Contributor 12th Jun, 2009 21:27
Score: 11590
Posts: 8,901
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Safari has had 4 Highly Critical Vunerabilities so far this year & a total of 8 in 2008.

Check this link to see all the details:
http://secunia.com/advisories/search/?search=safar...



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
esnyder RE: Is Apple Safari 4.x truly a security threat?
Member 26th Jun, 2009 01:18
Score: 0
Posts: 3
User Since: 4th May 2008
System Score: N/A
Location: N/A
It may just be a quark. I am having a similar problem with PSI telling me I have version 3.525.29.0 installed when the file properties for Safari tell me it is 4.530.17.0 ... go figure.
Was this reply relevant?
+0
-0
wr RE: Is Apple Safari 4.x truly a security threat?
Contributor 26th Jun, 2009 02:07
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
After installing updates all the old files were not deleted or overwritten & PSI is detecting them also. To locate the exact file that the Secunia PSI has detected, please follow these guidelines using the
advanced interface:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
* Click on the entry of the program to “expand” it.
* Click on Technical details to see the installation path of the detected file.
* Remember the installation path and close down the menu.
* Click Open Folder and locate the detected file.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
esnyder RE: Is Apple Safari 4.x truly a security threat?
Member 26th Jun, 2009 02:24
Score: 0
Posts: 3
User Since: 4th May 2008
System Score: N/A
Location: N/A
That is exactly what I did to determine what PSI felt was the issue. PSI is reporting, under Technical Details, that I have version 3.525.29.0 installed for safari.exe. When I go to the folder, right click, select properties and examine the details tab, Windows reports that I have File version 4.530.17.0 installed.
Was this reply relevant?
+0
-0
esnyder RE: Is Apple Safari 4.x truly a security threat?
Member 26th Jun, 2009 02:59
Score: 0
Posts: 3
User Since: 4th May 2008
System Score: N/A
Location: N/A
Just an update, I resolved the issue.

I created a rule to ignore the issue, did a full system scan and deleted the rule.

When I deleted the rule, PSI came back with new program found and everything seems OK at this point.

Mao, you may want to try the same thing.
Was this reply relevant?
+0
-0
Jothore RE: Is Apple Safari 4.x truly a security threat?
Member 19th Nov, 2009 16:11
Score: 0
Posts: 1
User Since: 19th Nov 2009
System Score: N/A
Location: N/A
Please explain how "a rule is created" and then "deleted" Thanks
Was this reply relevant?
+0
-0
Anthony Wells RE: Is Apple Safari 4.x truly a security threat?
Expert Contributor 19th Nov, 2009 22:08
Score: 2426
Posts: 3,315
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello jothore ,

If you are new to PSI , here are some tips for using PSI "advanced" mode :-

To help resolve your problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

In 6)above , in the toolbox is a link "ignore program" which sets the rule for you , after your confirmation . The set rule is displayed at the bottom of the "settings" tab which offers the "delete" function . This location also allows you to set a general rule , say for a "back up " drive , for example .

I would suggest that you need to be very careful/aware as to the consequences of setting an ignore rule .

Hope this helps.
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
michaelsalis RE: Is Apple Safari 4.x truly a security threat?
Member 20th Nov, 2009 05:12
Score: 57
Posts: 141
User Since: 18th Feb 2009
System Score: 98%
Location: UK
Despite what so many people say about how much more secure Apple products are I would still be as careful with them as any other Companys' products.

Secunia shows both iTunes 9.x and Apple Quicktime 7.x as fully patched on my computer but the latest patches were needed in both programs to close a Category 4 Security Threat.

I mention this not to blacken Apples name but to suggest we should be careful about the security of products from any Company.

Michael

--
Michael
Toshiba Satelite A660
Intel i7
Windows 7 Ultimate
IE9

Toshiba Equium Laptop
Intel Centrino Duo
Windows Vista Ultimate SP2
IE9
Was this reply relevant?
+0
-0
thedillpickl RE: Is Apple Safari 4.x truly a security threat?
Contributor 22nd Nov, 2009 05:35
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
To whom it may concern;

It's not Apple products that are necessarily more secure, their OS running on their platform is more secure. In other words, Apple software written for Windows is neither more nor less secure than anyone elses. Their software is probably more secure than most 3rd party software, but that's a disscusion for later.

Bottom line; If you are unsure about any software, for any reason, you really should check it out.


regards;
Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
carlos_ferrero RE: Is Apple Safari 4.x truly a security threat?
Member 16th Dec, 2009 21:11
Score: 0
Posts: 2
User Since: 12th Dec 2009
System Score: N/A
Location: N/A
Last edited on 16th Dec, 2009 21:12
I disinstalled Safari 4.x. I mean I erased every bit of its presence in my PC. I restarted the computer. I checked that there were no residues of its passage, cleaning the computer and the registry with CCleaner. However, Secunia continues to detect Safari 4.x as a security Threat, even though it does not exist in my computer anymore. Secunia also detects Mozilla Firefox TWICE as a security threat and continues to detect it as a security threat even after I have downloaded the latest version, 3.5.6 as recommended by Secunia.

Can anyone, wiser and more experienced than me explain this bizarre behavior?

Carlos Ferrero
Was this reply relevant?
+0
-0
Anthony Wells RE: Is Apple Safari 4.x truly a security threat?
Expert Contributor 16th Dec, 2009 21:20
Score: 2426
Posts: 3,315
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Carlos ,

PSI has found some old files somewhere .

Look at my post higher up this thread and follow the instructions . if you cannot resolve the problem , let us know the details asked for and someone will be able to advise you.

Anthony.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
carlos_ferrero RE: Is Apple Safari 4.x truly a security threat?
Member 17th Dec, 2009 17:04
Score: 0
Posts: 2
User Since: 12th Dec 2009
System Score: N/A
Location: N/A
Thank you Anthony:

I forgot I have a mirror Hard Disk with all the insecure and "end of life" programs and extensions installed there.

Everything is working fine now.

Have a nice day!

Carlos
Was this reply relevant?
+0
-0
Anthony Wells RE: Is Apple Safari 4.x truly a security threat?
Expert Contributor 17th Dec, 2009 18:16
Score: 2426
Posts: 3,315
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Thanks for your update , Carlos .

Glad you're sorted .

Seasons Greetings
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability