
SANS ISC: Safari 4.0.2 update published - SANS Internet Storm Center SANS ISC InfoSec Forums


Safari 4.0.2 update published

It looks like Apple released Safari 4.0.2 for OS X and Windows platforms.

It would appear that this new version addresses the following security-related issues in WebKit (and brings some performance increases in the Nitro JS engine).

Detailed information can be found in Apple's KB article: http://support.apple.com/kb/HT3666

 

CVE-ID: CVE-2009-1724
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack.
Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

CVE-ID: CVE-2009-1725
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
 

You can get the new version of Safari at the URL below.

http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

AndreL
