Safari Beta 3.0.2 beefs up security

updated 05:35 pm EDT, Fri June 22, 2007


Apple today released Safari Beta 3.0.2, the latest revision of its Web browser for Mac and Windows systems, which currently ranks as the third most used internet browser on the market. The update appears as a separate, unique update released alongside Apple's Security Update 2007-006, which will not appear as an available update to Safari Beta 3.0.1 users. Apple's latest changes include fixes that prevent maliciously crafted websites from compromising the security of an affected Mac or Windows PC. [updated]

Safari-specific holes

In Safari Beta 3.0.1 for Windows, a timing issue allows a Web page to change the contents of the address bar without loading the contents of the corresponding page. The vulnerability could be used to spoof the contents of a legitimate site, allowing malicious users to gather credentials or other information. This update addresses the issue by restoring the address bar contents if a request for a new Web page is terminated. The issue does not affect Mac OS X systems.

Safari's security model prevents JavaScript in remote Web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. The update addresses the issue by correcting access control to window properties. Apple offers credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems for reporting the issue.

WebCore/WebKit vulnerabilities

An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted Web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Apple offers credit to Richard Moore of Westpoint for reporting the problem.
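The class of check described above ("additional validation of header parameters"), shown as an added example that is not Apple's or WebKit's code: the function names are hypothetical and the header grammar is assumed to follow RFC 7230. It contrasts a serializer that joins fields blindly with one that rejects control characters before building the request.

```javascript
// Added example (not WebKit code). Header grammar per RFC 7230: the name is a
// "token"; the value may not contain CR, LF or NUL.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const BAD_VALUE = /[\r\n\0]/;

// Returns the cleaned [name, value] pair or throws; never silently strips.
function validateHeader(name, value) {
  if (typeof name !== "string" || !TOKEN.test(name)) {
    throw new TypeError("invalid header name: " + JSON.stringify(name));
  }
  const v = String(value).replace(/^[ \t]+|[ \t]+$/g, ""); // trim optional whitespace
  if (BAD_VALUE.test(v)) {
    throw new TypeError("control character in value of " + name);
  }
  return [name, v];
}

// Hypothetical serializer: joins fields with CRLF with no checks at all.
function serializeUnchecked(method, path, headers) {
  const fields = Object.entries(headers).map(([n, v]) => `${n}: ${v}`);
  return [`${method} ${path} HTTP/1.1`, ...fields].join("\r\n") + "\r\n\r\n";
}

// Same serializer with the request line and every field validated first.
function serializeChecked(method, path, headers) {
  if (!TOKEN.test(method)) throw new TypeError("invalid method");
  if (/[\s\0]/.test(path)) throw new TypeError("invalid request target");
  const clean = {};
  for (const [n, v] of Object.entries(headers)) {
    const [name, val] = validateHeader(n, v);
    clean[name] = val;
  }
  return serializeUnchecked(method, path, clean);
}

// Number of header fields a receiver would see in the serialized request.
function headerFieldCount(raw) {
  return raw.split("\r\n\r\n")[0].split("\r\n").length - 1;
}

// Constructed input: one header whose value carries an embedded CRLF.
const sample = { "X-Trace": "abc\r\nX-Injected: 1" };
console.log(headerFieldCount(serializeUnchecked("GET", "/feed", sample))); // 2
try {
  serializeChecked("GET", "/feed", sample);
} catch (e) {
  console.log("rejected:", e.message);
}
```

Rejecting the request outright, rather than stripping the offending bytes, keeps a caller from sending a header whose meaning differs from what was validated.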

An invalid type conversion when rendering frame sets could lead to memory corruption, possibly resulting in an unexpected application termination or arbitrary code execution when users visit a maliciously crafted Web page. Apple gives credit to Rhys Kidd of Westnet for reporting the issue.


by MacNN Staff
