Apple Releases Security Update For Safari


Recommended Posts

12 August 2009, 09:27

Apple releases security update for Safari

Apple have released Safari 4.0.3, a security update for the Safari web browser, to address a number of issues. Six problems are addressed; critical bugs, including a heap buffer overflow in CoreGraphics when drawing long text strings and a buffer overflow when handling EXIF metadata on Windows XP and Vista which may lead to arbitrary code execution or crashes. Another buffer overflow, this time in WebKit, affects Windows and Mac OS X, and could lead to crashes or malicious code execution.

Other issues include the ability for a malicious web site to promote arbitrary sites into Safari's "Top Sites" page, disclosure of sensitive information, launching of file URLs and fixes to the handling of look-a-like characters in domain names. A proof of concept exploit has been released publicly for the "Top Sites" issue. The look-a-like character issue is a homograph spoofing attack, where a character from one character set, say a Cyrillic "a", is placed where a Latin character set "a" would be in a domain name. As these characters are visually very similar, it becomes difficult to determine that a domain name actually contains these substituted characters. This allows phishers to, for example, register a domain which appears to be www.paypal.com.

The update is available through Apple's Software Update service, or to download for Mac OS X 10.4.11, 10.5.7 and 10.5.8, Mac OS X Server 10.4.11, 10.5.7 and 10.5.8, and Windows XP and Vista.

Heise security - http://www.h-online.com/security/Apple-rel...i--/news/113979

Link to post
Share on other sites

Also another security update today that fixes a problem with a Unix utility that caused a DNS vulnerability. And a recent Airport update for some macbooks and macbook pros.

10.6 is Gold Mater so there's probably going to be more updates to tighten up 10.5 security and make things compatible with future software.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...