macnn news
Text Size

Safari 3.01 for Windows fixes security flaws

updated 09:20 am EDT, Thu June 14, 2007

Safari 3.01 for Windows

Apple has released Safari 3.01 for Windows, an update to the public beta that was announced earlier this week. The browser, now available for Windows XP and Vista, is based on the same WebKit foundation as the Mac and iPhone version. Although specific details of the update were not provided via Apple's security website, the release comes on the heels of criticism of Apple by researchers who claim to have found more than 18 security flaws in the Safari browser within a few days of its release.

The updated Safari download is not specifically noted on Apple's website, but it is available via the Apple Software update on Windows or via Apple's website. According to Macworld, the security improvements in Safari Beta 3.0.1 include a correction for a "command injection vulnerability," remedied with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript exploit. The report said that these flaws do not affect the Mac version.

By MacNN Staff

Article Tags :

E-Mail
Print
Comments (6)
digg
buzz up
slashdot
del.icio.us
tweet

Related Articles

Recent Articles

 
Previous Comments

maybe now...

06/14, 09:59am reply

...Maynor will play nice. Apple fixed these in near-record time. Perhaps he, and the MOAB couple can stop throwing tantrums and be more professional. We'll see.

I'm sick of self-proclaimed security experts acting like skateboarders who just went thru your plate glass window and then shrug and tell you it was your fault for not having safety glass.

jpellino

Fresh-Faced Recruit

Joined: Oct 1999

0

Maynor...

06/14, 10:29am reply

...will never play nice; especially now that he is getting so much attention from his claim that he intends to hack the iPhone.

dws

Forum Regular

Joined: Apr 2001

0

Re: maynor

06/14, 11:32am reply

BTW, they announced the bugs but did not disclose them. Not sure what isn't 'playing nice' in that regard.

And if it was anyone else, you wouldn't be able to wait for someone to hack it so you could add your own software and the like.

testudo

Fresh-Faced Recruit

Joined: Aug 2001

0

re: maybe now

06/14, 11:51am reply

While a bit sensationalistic, a security firm should be announcing but not disclosing bugs (except to Apple).

hayesk

Professional Poster

Joined: Sep 1999

0

"security firms"...

06/14, 04:07pm reply

are often just the guy from the SouthPark WoW episode.

rtbarry

Fresh-Faced Recruit

Joined: Aug 2001

0

its all about the 'ttude

06/15, 07:01am reply

jpellino: "I'm sick of self-proclaimed security experts acting like skateboarders who just went thru your plate glass window and then shrug and tell you it was your fault for not having safety glass."

Oh yeah, you nailed it. It's all about the 'ttude . . . and I'm sick of him and his lot too.

Sprocket

Fresh-Faced Recruit

Joined: May 2002

0

Popular News