Apple plugs security holes in Safari on Mac, PC

Elinor Mills | Apr 17, 2008

Apple released an update to the Safari browser that plugs security holes on Macintosh and Windows machines.

Safari 3.1.1 fixes two Safari vulnerabilities that affect Windows XP or Vista and two WebKit vulnerabilities that affect Mac OS and Mac OS X Server versions 10.4.11 and 10.5.2, as well as Windows XP or Vista.

One of the two WebKit vulnerabilities could put computer users at risk of a cross-site scripting attack that can inject malicious code onto a victim's computer. The vulnerability was discovered during the PWN to OWN contest at CanSecWest last month by Dan Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators.

The other WebKit vulnerability could lead to an unexpected application termination or arbitrary code execution. Apple credited Robert Swiecki of the Google Security Team and David Bloom for reporting this issue.

The remaining two vulnerabilities, which affect only Windows XP or Vista, could lead to an unexpected application termination or arbitrary code execution, or control the contents of the address bar and spoof the contents of a legitimate site.

The Windows version of Safari 3.1.1 can be downloaded from CNET's Download.com here and the Mac version here.

Via CNET News.com

Filed under: Notebooks, PC & Peripherals
Leave a comment | Bookmark | Share