Skip to main content

Apple Safari Browser May Have Security Issues According To Google

By September 29, 2017May 22nd, 2021Cybersecurity

Google’s Project Zero Team has created a new tool for testing web browsers in order to gauge how secure they are.

The team recently conducted an extensive test on the top five web browsers in use today:

• Chrome
• Firefox
• Safari
• Edge
• Internet Explorer

The results weren’t pretty.

The new tool, called “Domato” specifically looks for security flaws in the DOM engine, which is used by all of the major browsers, making it the most logical attack vector for hackers once Flash reaches its end of life in 2020. The goal of the team is to start identifying weaknesses in each browser’s DOM engine now, so that companies can begin addressing those issues before they get used against the public at large.

Their tests revealed that Chrome had two critical DOM Engine security flaws, Firefox and IE both had 4, Edge had six, and Safari took the dubious top honor with seventeen.

The tool was created by Ivan Fratric, who contacted all the companies responsible for the browsers and shared his results with them. He also made Domato’s source code available on GitHub to encourage researchers from those companies to test and experiment for themselves.

So far, none of the companies responsible for maintaining those different browsers have formally responded, but you can bet plans are already being drawn up to begin addressing the security flaws found before new lines of attack can be drawn up using them.

Perhaps the biggest surprise coming out of the recent test was how poorly Apple’s Safari browser fared. Apple has long been known for having a relatively more secure operating environment, which is a point of pride among the company’s loyal user base, but as this latest test shows, that’s no longer something the company can take for granted.

In any case, this is a sign of things to come. Once Flash goes away forever, you can bet hackers will begin gleefully exploiting any weaknesses in a web browser’s DOM engine code that haven’t been shored up.

Chris Forte

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.

Leave a Reply