Apple operating systems have always been regarded as more secure than the popular Microsoft brand. Mac OS X is now Apple's flagship system and endures far fewer hacking attempts and malware attacks than Windows. Even though Apple is devoted to designing its systems with sound security, the same can’t be said for its Safari browser.
Safari and Phishing
In the eyes of PayPal, the Safari browser is suffering tremendously in the way of security; the company warns that the lack of two critical anti-phishing features could lead users directly into an online scam. Safari lacks the phishing filter used in browsers like Internet Explorer to warn users when they are visiting fraudulent websites. Some browsers give warnings in the form of a message, while others identify legitimate sites with a color-coding technology called EV (Extended Validation) certificates; Safari does neither. Currently, the strongest protection Safari offers in terms of security is SSL encryption to protect internet communications.
EV certificates are an emerging technology supported in Internet Explorer version 7.0, a security mechanism that has been used on the PayPal website for over a year. When IE 7 takes a user to the official website, the browser address bar turns green, indicating that the site is legitimate. It’s been reported that upcoming versions of Firefox and Opera will support this technology as well.
PayPal representative Michael Barrett says that, according to their data, the EV certificates have had a tremendous impact on the decline in successful phishing scams. He states that users of Internet Explorer 7 are more likely to sign onto the PayPal site than those who aren’t equipped with adequate security, primarily because they are more confident in its legitimacy. Barrett goes on to say that users have been more willing to proceed with the PayPal login process over the past year. PayPal bases this on what they call abandonment rates, a number that is reported to be considerably lower for Internet Explorer 7 users.
The Safari browser is currently the default browser for Apple’s Macintosh and other products, such as the iPhone. It is also available for PC users. With the lack of anti-phishing technology, representatives at PayPal and other security professionals have suggested the use of alternative browsers. Firefox and Opera both run on Macintosh systems and are far more secure at this point.
More Recent Vulnerabilities
Apple released security patches for the Safari browser this past May. These fixes were distributed to mend vulnerabilities that could be easily exploited to execute arbitrary code or launch cross-site scripting attacks when a user accesses a malicious site. The problem stems from WebKit, the open-source HTML rendering engine used by the Safari browser. This vulnerability can enable cross-site scripting when tampered URLs have been opened. The patches also addressed an integer overflow error that could enable attackers to cause buffer overflows. Apple applied patches to its Macintosh systems, which were affected to a lesser degree, while securing the Windows versions, which were hit the hardest, with four separate patches.