Apple releases Safari 3.1.1 to address four security issues
The 39MB release, available for both Macs and Windows PCs, is recommended for all Safari users and includes improvements to stability, compatibility and security.
Specifically, Apple said the update patches four security issues, including a heap buffer overflow in the way the browser's WebKit framework handles JavaScript regular expressions.
The issue was reported by Charlie Miller, who discovered and exploited the vulnerability on a MacBook Air to win a $10,000 prize at last month's CanSecWest security conference.
The Safari 3.1.1 update also addressed a second issue in WebKit's handling of URLs containing a colon character in the host name. By exploiting that vulnerability, a hacker could use a maliciously crafted URL to carry out a cross-site scripting attack, Apple said.
Two other issues with the Safari application itself were also addressed, though they concerned only the PC version of the browser. One of those issues made it possible for a maliciously crafted website to control the contents of a user's address bar, while the other made it possible for a maliciously crafted website to cause arbitrary code execution or cause the Safari application to quit unexpectedly.
19 Comments
Do they patch this kind of stuff in webkit in parallel?
I'm not liking this new safari 3.1.1. It's been doing weird things and it seems to hang.
I noticed that too until I reset Safari. Now much better.
What's going on in Safari that requires a reboot to update? If it's that tightly integrated with the core of the OS, didn't that contribute to the security liability that took down the Air in that contest?
What's going on in Safari that requires a reboot to update?
My concerns as well. I'm not a fan of the way Leopard goes into another mode to install system updates, requires more reboots for regular apps and that the updates seem overly large in size.