Report blames WebKit for Safari, Chrome flaws

Cenzic's web application security report for the first half of the year blames WebKit problems and phone software bugs for Safari and Chrome flaws. WebKit is a layout engine designed to allow web browsers to render web pages.

WebKit provides a set of classes to display web content in windows and implements browser features. It was originally created as a fork of KHTML to serve as the layout engine for Apple's Safari, but it has since been ported to many other computing platforms and is used in Google's Chrome browser.

The "Cenzic Q1,Q2 2010 Trends Report" (http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2010.pdf) saw a reduction in web application related vulnerabilities as a percentage of the total vulnerabilities reported in commercial products. Web vulnerabilities accounted for about 66% of the 4,019 total reported vulnerabilities, a figure that included web, network and other infrastructure vulnerabilities. The good news is that this is a positive trend compared to the second half of 2009, when web related vulnerabilities comprised 82 percent of total vulnerabilities. However, the bad news is that in absolute terms there were 2,645 web vulnerabilities, almost identical to the previous period.

More concerning, according to Cenzic (which provides software and SaaS solutions), is that 60% of these vulnerabilities still have no known fix available. Even more troubling, about 45% of the web vulnerabilities have exploit code publicly available, which means any hacker can easily look it up and use it to attack websites that have not patched these vulnerabilities. Making it worse, almost 1,000 web related vulnerabilities that had no known solution also had a public exploit available.

"As in the previous periods, we also looked at vulnerabilities in various browsers," writes Cenzic. "Both Internet Explorer and Mozilla Firefox showed improvements in reported vulnerabilities. IE had 40 vulnerabilities compared to 44 in the second half of 2009, and Firefox went down to 59 compared to 77 in the previous six months. What was unexpected was the dramatic increase in vulnerabilities in Apple's Safari, which soared from 25 in the previous period to 83 in this period, and Google Chrome, which jumped to 69 from 25 in the second half of 2009. Opera also saw an increase but continues to have the least number of vulnerabilities among browsers. The spike in Safari and Chrome vulnerabilities can be attributed to vulnerabilities in the rendering engine shared by both, called WebKit, as well as iPhone and Droid related vulnerabilities. We want to acknowledge the tremendous work that all browsers have done in fixing these vulnerabilities quickly. Patching ranged from 78% to 92% depending on the browser."

All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.