welcome to tech-alert


June 14, 2007

Safari 3 Beta security update for Windows


The Safari 3 Public Beta was released for users of Windows XP/Vista and Mac OS X on the 11th of June. The beta was a preview build intended to collect user feedback prior to the final build. It was riddled with bugs and issues. Security flaws abounded in this first attempt by Apple to introduce Safari to Windows users, who have slammed it as being broken.

This from the browser that Apple touted as enabling "worry-free" browsing. "Apple engineers designed Safari to be secure from day one," the company said on its Web site. Researchers were finding security flaws in the new browser's code within one hour of its release.

In response to the reports, Apple has quickly deployed an update which fixes some security issues.
Safari 3.0.1 Public Beta for Windows is now available (3 days after Safari 3.0) and addresses the following issues in Safari 3 Public Beta:

CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code execution
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.

CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.

CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.

The update is available via the "Apple Software Update" application,
which is installed with the most recent version of QuickTime or iTunes on Windows.

Safari 3.0.1 Public Beta for Windows is also available via Apple's
Safari download site at: http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"

Safari+QuickTime for Windows XP or Vista
The download file is named: "SafariQuickTimeSetup.exe"

Meanwhile, Apple has reported 1 million Safari for Windows downloads and has gained maximum awareness through the publicity surrounding Safari's issues.
You can report bugs/issues or security flaws and vulnerabilities to product-security@apple.com.
