Apple plugs holes in WebCore, WebKit, and Safari 3.0 betaTwo new patches released by Apple Inc. on Friday afternoon address security issues with Mac OS X web frameworks and the company's recently-released Safari 3.0 beta for both Mac and Windows PCs.
Security Update 2007-006
The first of the two updates, Security Update 2007-006, corrects a HTTP injection issue that exists in WebCore's XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks, Apple said. The security update addresses the issue by performing additional validation of header parameters.
The patch also corrects an invalid type conversion that occurs when WebKit renders frame sets, which could lead to memory corruption. If exploited by a maliciously crafted web page, the vulnerability could lead to an unexpected application termination or arbitrary code execution, Apple said.
Security Update 2007-006 is available as a 2.7MB download for PowerPC Macs running Mac OS X 10.4.9 or later, a 4.5MB download for Intel Macs running Mac OS X 10.4.9, or a 2.2MB download for PowerPC Macs running Mac OS X 10.3.9.
Safari 3 Beta Update 3.0.2
Also on Friday, Apple issued Safari 3 Beta Update 3.0.2 for both Macs and Windows PCs. The updates includes both of the aforementioned fixes and adds two Safari-specific security enhancements.
The first, Apple said, applies to a timing issue in Safari Beta 3.0.1 for Windows that allows a web page to change the contents of the address bar without loading
the contents of the corresponding page.
The glitch, which does not apply to Mac OS X systems, could theoretically be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. Safari 3.0.2 addresses the issue by restoring the address bar contents if a request for a new web page is terminated.
"This could allow cookies and pages to be read or arbitrarily modified," Apple explained.
Safari 3.0.2, which was released via Apple's Software Update mechanism, addresses the issue by correcting access control to window properties.