Apple Safari update patches several security vulnerabilities and improves stability for Mac and Microsoft Windows.
Apple Safari update patches four security issues, including a heap buffer overflow that existed within the browser's WebKit framework for handling JavaScript regular expressions. An exploit using Safari on the MacBook Air was also addressed.
By: Kristin Turner
Apr 16, 2008 23:19 PM GMT
Apple, Inc released Safari version 3.1.1 on Wednesday which includes improvements for stability, compatibility and security.The 39 MB release, available for both Mac and Windows PCs, is recommended for all Safari users. Apple said the Safari update patches four security issues, including a heap buffer overflow that existed within the browser's WebKit framework for handling JavaScript regular expressions. An exploit using Safari on the MacBook Air was also addressed. Safari 3.1.1 update addressed a second issue within WebKit's handling of URLs containing a colon character in the host name. By exploiting that vulnerability, a hacker could use a maliciously crafted URL to lead a cross-site scripting attack. Another significant issue fixed was the possibility for a maliciously crafted website to control the contents of a user's address bar. A second issue concerning the user's address bar was fixed, which made it possible for maliciously crafted website to cause arbitrary code execution or cause the Safari application to unexpectedly quit.
|
