Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Safari 4.0 released - contains security fixes InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Safari 4.0 released - contains security fixes

Published: 2009-06-09
Last Updated: 2009-06-09 17:03:04 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

Apple released yesterday an update to Safari 4.0 (which had been in beta for quite some time)

The release also contains a large number of fixes for security vulnerabilities:

CFNetwork: CVE-2009-1704, CVE-2009-1716

ImageIO: CVE-2009-0040

International components for Unicode: CVE-2009-0153

libxml: CVE-2008-3281, CVE-2008-3529, CVE-2008-4409, CVE-2008-4225, CVE-2008-4226

Safari: CVE-2009-1682, CVE-2009-1706, CVE-2009-1707, CVE-2009-1708

Safari windows installer (no CVE name)

Webkit: CVE-2006-2783, CVE-2008-1588, CVE-2008-2320, CVE-2008-3632, CVE-2008-4231, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1690, CVE-2009-1691, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718

Needles to say, this update comes as highly recommended for anybody using safari.

Note some CVE names are quite old ... e.g. CVE-2006-2783 was first discussed more than 3 years ago in Mozilla (June 1st, 2006) and was fixed by Apple for iPhone and iPod almost a year ago (July 11th, 2008).

Swa Frantzen -- Section 66

Keywords: apple safari
0 comment(s)
Diary Archives