Safari Bonjour has some issues
Apple’s Safari browser has any number of good points. Unfortunately, there are a few significant issues with the Apple browser, one of which is Bonjour.
Although Safari has outstanding features in the areas of anti-phishing and pop-up blocking, it still has a number of security flaws, according to an article by Infoworld. The browser works on OSX, of course, and is also available in versions for Windows and in a mobile edition for the iPhone and the iPod touch.
One of those flaws is to be found in the Bonjour service, which is installed with the browser. Bonjour has a number of useful applications, such as configuring printers, looking for file sharing opportunities, and finding instant messaging peers. It also allows Safari to find additional Web pages on the network on which it is running.
Bonjour is Apple’s implementation of Zeroconf, a service discovery protocol. Bonjour locates devices such as printers, as well as other computers, and the services that those devices offer on a local network using multicast Domain Name System service records. The software is built into Apple’s Mac OS X operating system from version 10.2 onwards, and can be installed onto computers using Microsoft Windows operating systems (it is installed with iTunes as well as Safari, for example).
It performs this function, however, by advertising itself on the local network, which can cause problems. In general, security experts do not like programs that act this way, feeling that they are simply asking for trouble when they advertise. These preferences have been borne out; Bonjour has been involved in some security exploits. It can, of course, be disabled, though updates often re-enable it.
Bonjour services are usually installed without explicit user permission. The system is often not even required by the application with which it is bundled. Although it generally plays nicely with Windows and most anti-virus systems, some corporate firewalls may raise a warning when Bonjour attempts to broadcast the availability of network services. In addition, some technical forums have reported that the service can disable a configured internet connection.
Some IT managers dislike it for the problems that it causes, the security issues that it has raised, and because it is not a well-supported product, not to mention the 26 vulnerabilities announced over the past year. It is also not a very granular product and therefore does not lend itself to usage by exception. Security-minded users and managers will have to decide if Safari’s poor cipher support, lack of security zones, and lack of enterprise features are worth the benefits of discovery it provides.
Related Posts:
January 31st, 2009
This is like the biggest load of crap I’ve ever heard. No offense but you have no clue what you’re talking about. You should find a new career. Blogging isn’t your thing. I heard that some security experts and IT managers think you’re an imbecile.
January 31st, 2009
And Internet Explorer 6/7, which is most commonly used in industry, is almost flaw free?!
Nah. Safari is better than IE, but Firefox is arguably better than Safari from an IT manager’s point of view.
You make it sound as if Safari is the only browser with problems. IE is known to be very, very flawed and very, very slow. Shame this hasn’t been acknowledged in the article.