440Forums  |  MacMusic.org  |  PcMusic.org  |  440tv  |  Zicos  |  AudioLexic
and   {key13}


Safari 3.1.1 Addresses Security Issues

TidBITS

Thursday April 17, 2008. 03:10 AM
TidBITS

Apple has released Safari 3.1.1 for Mac and Windows, a security update that fixes a vulnerability exploited in the recent Pwn2Own hacking contest at the CanSecWest conference (see "Apple Becomes First Victim in Hacking Contest," 2008-03-28). According to the security release notes for Safari 3.1.1, the update tackles the JavaScript weakness in WebKit exposed at the conference by "performing additional validation of JavaScript regular expressions" to prevent a heap buffer overflow.

A flaw where a colon character in a maliciously crafted URL could lead to a cross-site scripting attack has also been repaired. Two other fixes are specific to the Windows version of Safari: a timing issue that opened up control of the address bar and a memory corruption issue.

Safari 3.1.1 is available via Software Update or as a 39 MB download. It requires Mac OS X 10.4.11 or Mac OS X 10.5.2, or Windows XP or Vista on the PC. Copyright © 2008 Jeff Carlson. TidBITS is copyright © 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

READERS LIKE YOU! Support TidBITS with a contribution today!Special thanks this week to David Emery, Ken Wedding,Louise Asselstine, and Mark James Lee Ingle for their support!


 

Apple released Safari 3.1.1 Windows security update that fixes vulnerability Safari 3.1.1 Addresses Security Issues
Safari 3.1.1 Addresses Security Issues Read more at TidBITS
db.tidbits.com/article/9570?rss

 

 Related News 
Quick Tip of the Week: Reading PDFs in Safari Quick Tip of the Week: Reading PDFs in Safari
 Apple HotNews 04/29/08 02 AM 
Safari and .gov Websites: Support Improving Safari and .gov Websites: Support Improving
 TheMacObserver 04/28/08 10 PM 
Shouldn?t government sites be open to all browsers, including... Shouldn?t government sites be open to all browsers, including...
 Mac Daily News 04/28/08 04 PM 
Security vendors slam Defcon virus contest Security vendors slam Defcon virus contest
 Mac Central 04/28/08 11 AM 
QuickTime for Windows security flaw found QuickTime for Windows security flaw found
 Macworld UK 04/28/08 07 AM 
Safari 3.1.1 for Windows: Three Exploits Inside Safari 3.1.1 for Windows: Three Exploits Inside
 Mac Bidouille 04/25/08 10 PM 
Microsoft results hiding Vista issues? Microsoft results hiding Vista issues?
 MacNN 04/25/08 05 PM 
URL spoofing flaw affects Safari 3.1.1 URL spoofing flaw affects Safari 3.1.1
 MacNN 04/25/08 03 AM 
Boot Camp updates, Common Criteria security tools Boot Camp updates, Common Criteria security tools
 MacNN 04/25/08 12 AM 
URL Spoofing Issue Found in Safari 3.1.1 URL Spoofing Issue Found in Safari 3.1.1
 TheMacObserver 04/24/08 08 PM 
Safari Prairiefire 1.3 Finds Bookmark Duplicates Safari Prairiefire 1.3 Finds Bookmark Duplicates
 TheMacObserver 04/24/08 05 PM 
QuickTime Security Enhanced with Anti-Exploitation Technologies QuickTime Security Enhanced with Anti-Exploitation Technologies
 TidBITS 04/23/08 09 PM 
Visual Ajax Studio adds Leopard, Safari support Visual Ajax Studio adds Leopard, Safari support
 MacNN 04/23/08 05 PM 
PayPal Denies It Will Block Safari PayPal Denies It Will Block Safari
 Slashdot/Apple 04/22/08 04 AM 
PayPal denies plan to block Safari PayPal denies plan to block Safari
 Mac Central 04/22/08 01 AM 
Fixes for Leopard's AirPort issues Fixes for Leopard's AirPort issues
 MacFixIt 04/21/08 11 PM 
Paypal does not block Safari Paypal does not block Safari
 Mac Bidouille 04/21/08 04 PM 
Download any band's song off MySpace using Safari Download any band's song off MySpace using Safari
 MacOsxHints 04/21/08 04 PM 
PayPal: Safari Won't Get Blocked [Updated] PayPal: Safari Won't Get Blocked [Updated]
 TheMacObserver 04/21/08 03 PM 
PayPal: No plans to block Safari PayPal: No plans to block Safari
 MacNN 04/21/08 03 PM 
Apple concedes on pushing Safari to Windows users Apple concedes on pushing Safari to Windows users
 Macworld UK 04/21/08 10 AM 

Search

Mac Zicos
Sat July 4, 09:33 AM
and   {key13}