Can you comment on the security issues related to the WebKit framework? It was exploited in a variety of attacks...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
or proof-of-concept demonstrations in the past year, but to what extent is it a concern for enterprises in regard to Web browser attacks?
WebKit is an open source Web browser layout engine designed to enable Web browsers to render webpages, follow links, manage a back-forward list and a history of recently visited pages. WebKit is used in Google Chrome and Apple Safari, which together have more than 20% of the browser market. It is also used in the Silk browser included with Amazon’s new Kindle Fire tablet, as well as the browsers in the iOS, BlackBerry, Symbian and Android mobile operating systems. Applications on a variety of platforms use it to render email messages that include HTML such as Apple's email client Mail on the Mac and Microsoft's Entourage personal information manager.
Ubuntu recently fixed 22 vulnerabilities in the WebKit framework that's part of its operating system, while Apple has implemented new sandboxing techniques in the WebKit framework. (Sandboxing is a method of isolating a process and the resources it has access to in order to prevent any malicious or faulty code in it from interfering with other running processes and system resources.)
All browsers suffer from security vulnerabilities, and due to their complexity, this is unlikely to change anytime soon. The only difference with the security issues in WebKit is many users will be unaware they are even using a WebKit-based browser. WebKit is used in many mobile devices but this is not immediately apparent unless you do the research to fully understand how different devices provide the services they offer. Anyone responsible for running an enterprise IT infrastructure needs to be aware of which sub-components the devices they operate are running.
With any software that comes preinstalled on devices your enterprise manages, or that you subsequently install, it is imperative that you subscribe to the security alerts and updates provided by both the software and device vendors, as well as any related security forums to ensure you keep up to date with the latest vulnerabilities and patches. You can then take informed decisions and actions to keep your enterprise secure.
Dig Deeper on Web Server Threats and Countermeasures
Related Q&A from Michael Cobb
Amazon disabled native encryption capabilities in the latest Fire OS version. Expert Michael Cobb explains what this means for security, and if ...continue reading
A pirated app called Happy Daily English beat Apple's App Store security review. Expert Michael Cobb explains how it works and what security teams ...continue reading
The Lenovo SHAREit file-sharing app has a hardcoded password vulnerability, among other issues. Expert Michael Cobb explains these flaws and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.