
SANS ISC: InfoSec Handlers Diary Blog



Safari 4.0.2 update published

Published: 2009-07-08
Last Updated: 2009-07-08 23:28:10 UTC
by Andre Ludwig (Version: 1)

It looks like Apple released Safari 4.0.2 for OS X and Windows platforms.

It would appear that this new version addresses the following security-related issues in WebKit (as well as some performance increases in the Nitro JS engine).

Detailed information can be found in Apple's KB article: http://support.apple.com/kb/HT3666

 

CVE-ID: CVE-2009-1724
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack.
Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

CVE-ID: CVE-2009-1725
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
 

You can get the new version of Safari at the URL below.

http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

Keywords: safari