Thursday April 17, 2008. 03:10 AM
TidBITS
Apple has released Safari 3.1.1 for Mac and Windows, a security update that fixes a vulnerability exploited in the recent Pwn2Own hacking contest at the CanSecWest conference (see "Apple Becomes First Victim in Hacking Contest," 2008-03-28). According to the security release notes for Safari 3.1.1, the update tackles the JavaScript weakness in WebKit exposed at the conference by "performing additional validation of JavaScript regular expressions" to prevent a heap buffer overflow.
A flaw where a colon character in a maliciously crafted URL could lead to a cross-site scripting attack has also been repaired. Two other fixes are specific to the Windows version of Safari: a timing issue that opened up control of the address bar and a memory corruption issue.
Safari 3.1.1 is available via Software Update or as a 39 MB download. It requires Mac OS X 10.4.11 or Mac OS X 10.5.2, or Windows XP or Vista on the PC. Copyright © 2008 Jeff Carlson. TidBITS is copyright © 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.
READERS LIKE YOU! Support TidBITS with a contribution today!Special thanks this week to David Emery, Ken Wedding,Louise Asselstine, and Mark James Lee Ingle for their support!
440Forums |
MacMusic.org |
PcMusic.org |
440tv |
Zicos |
AudioLexic
