Apple plays catch-up, adds anti-fraud safeguard to Safari

Also patches 11 bugs in Windows browser, 4 in the Mac version

Apple Friday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version.

Released Thursday, Safari 3.2 includes a new feature, dubbed "Fraudulent sites" in the browser's options listing. However, Apple did not update either Safari's help file or its online documentation with any additional information about the tool, including how it works, what database it uses to "blacklist" sites and whether it relays URLs back to Apple for checking or relies on a locally-stored database.

The Safari 3.2 end-user licensing agreement (EULA) does not include any mention of the new tool, and Apple did not respond to questions about the feature.

Apple nearly pulled the trigger on an anti-phishing add-in in 2007, when it had planned to incorporate it into Safari 3.0. However, it dropped the feature prior to releasing the browser as part of the upgrade to Mac OS X 10.5, also known as Leopard, in October 2007.

Earlier this year, PayPal, eBay's payment service and the frequent target of fraudsters, announced it would block browsers that don't include anti-phishing features from accessing its site. Of the then-current major browsers, only Apple's lacked such a feature. A few days later, however, PayPal backed off, saying it had no intention of keeping Safari users from its site.

At the time, PayPal also said that the lack of support for Extended Validation (EV) certificates, a more regulated version of SSL (Secure Socket Layer) certificates, would bar a browser from its service as well. EVs are meant to reassure users that the online site is legitimate; browsers that support them typically signal that the site is safe by a change to the address bar.

Apple's announcement that it had added support for EVs was cryptic: The only mention was in the typically-terse description of the 3.2 update, which said "features ... better identification of online businesses."

Unlike rival browsers such as Mozilla's Firefox and Microsoft's Internet Explorer, however, Safari doesn't modify the address bar when it reaches a site with an EV certificate. Instead, it adds a small button to the upper right of the window that names the company owning the certificate. A small locked padlock symbol appears beside the button. Clicking on the button brings up details on the certificate.

Apple also patched 11 vulnerabilities in the Windows version, and four in the Mac OS X edition, with the upgrade to Safari 3.2.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags safari

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?