The Browser Report

PC World - SDK Showdown: Apple IPhone vs. Google Android

Jason Cline, a senior software engineer at Web application developer Sitepen, says that the broad differences between the iPhone and Android SDKs are related to trade-offs between greater freedom and greater accessibility.

For this blog’s audience, the key difference may be that you’re guaranteed a level playing field when you develop for iPhone, but Android will run on disparate platforms resulting in heterogenous device capabilities and quirks.

About the security content of Safari 3.1.1

Safari 3.1.1

* Safari,
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of the address bar
Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.

* Safari,
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.

* WebKit,
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site scripting
Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.

* WebKit,
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller, Jake Honoroff, and Mark Daniel working with TippingPoint’s Zero Day Initiative for reporting this issue.”

(Via .)

Macworld | Review: Safari 3.1

“Macworld’s recent review of Safari 3.0.4 () highlighted the browser’s excellent—and constantly updated—support for modern Web standards. Continuing that trend, the just-released Safari 3.1 not only stays at the head of the pack in standards support, but also becomes the first browser to work with such up-and-coming technologies as CSS Animations and the audio and video tags in HTML version 5, which is still in draft mode.”

(Via Macworld.com)

Ars Technica’s Infinite Loop blog is reporting Net Applications data showing that as of March 2008 84.36% of Safari users are using version 3, compared to 9.96% on version 2.0 and 5.67% on version 1.

Overall Safari usage rebounded after slipping slightly in February to match the high water mark set in January at 5.82%.

Mac OSX has 7.48% marketshare according to this data. Of that, 60.69% is using Intel chips.