SANS ISC: Apple Released Safari 5.1.4

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Apple released Safari 5.1.4 for Windows as well as for OS X.

This update addresses a large number of bugs in Safari itself and in WebKit. Some of the issues fixed:

- Safari for Windows: An International Domain Name (IDN) issue with look alike characters. (I just patched Safari for OS X, and oddly, Safari still appears to render .com domains using international characters vs. punny-code. Firefox and Chrome do not show international characters for .com )

- All versions of Safari: While private browsing was active, sites were still recorded in the browsing history.

- 5 different cross site scripting vulnerabilities in WebKit

- a cookie disclosure vulnerability (WebKit)

- a cross origin issue in Webkit.

- 40 or more webkit issues that could lead to arbitrary code execution.

The update should be listed eventually at the standard Apple security URL: http://support.apple.com/kb/HT1222 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter