By Susan Bradley
Security updates for all versions of Internet Explorer have been released this week, although Microsoft rates as “Critical” only the patches for IE 8 (on all versions of Windows) and IE 7 (Vista SP2).
Version 8 of Microsoft’s browser is now being included in automatic Windows updates for all users, so be sure to uncheck the IE 8 option if for any reason you wish to postpone upgrading from IE 7 to IE 8.
Update fixes hole found before IE 8’s release
Microsoft typically patches Internet Explorer every other month. This month’s IE patch is rated “Critical” for version 8 on all Windows versions and version 7 on Vista SP2. The update, described in Microsoft security bulletin MS09-019, combines several earlier IE fixes. It also patches a security hole first reported last March, just before Internet Explorer 8 was released.
At the Canadian Security Conference known as CanSecWest, a hacker named Nils broke into a prerelease version of IE 8 by finding a way to run .NET assemblies in the browser. As discussed in the Microsoft Security Research & Defense blog, the final version of IE 8 plugs this hole.
I’m not ready to give you the all clear for upgrading to Internet Explorer 8 because some Web sites don’t work correctly in the new version. Since you’ll be offered IE 8 automatically this month, be prepared to uncheck the IE 8 option before applying this month’s Windows updates. If you use XP, you can uninstall IE 8 only after you install Service Pack 3 (my apologies for getting this backward in my May 28 column).
Apple’s browser gets a bevy of security patches
Although the announcement of the new iPhone 3G S dominated Apple’s Worldwide Developers Conference this week, there was also significant news on the Safari front with the release of version 4. In fact, I thought Apple was rushing to release Safari 4 before fixing the holes in version 3. (See Figure 1.)
Then I read about the security patches described in the Apple security bulletin HT3613. In the WebKit component alone, I counted fixes for 33 different vulnerabilities in this single update.