macnn

06/30/2008, 7:05pm, EDT

Monday, June 30th

Safari 3.1.2 fixes critical security flaws

Apple on Monday released Safari 3.1.2 for Mac OS X v10.4.11, which fixes an issue that could lead to arbitrary code execution and patched another flaw that was previously corrected in the Mac version The company also released a slew of security fixes in Security Update 2008-004 and Mac OS X 10.5.4. The critical Safari flaw for Tiger -- which also affects the Windows version -- could allow a maliciously crafted website to terminate Safari or run a malicious program--due to a memory corruption issue. The update addresses the issue through improved bounds checking. It affects Windows XP or Vista, and also in systems running Mac OS X v10.5.4.

On the Windows side, the Safari 3.1.2 update also fixes two additional critical security flaws (one that also affects older Leopard and Tiger systems) that could lead to arbitrary code execution and one that could lead to information disclosure.

The updates also fix a problem where viewing a maliciously crafted BMP or GIF image may lead to information disclosure. Also fixed in the Tiger and Leopard security updates, an out-of-bounds memory error could lead to the disclosure of memory contents and personal information. The company said it addressed the issue by performing additional validation of BMP and GIF images and notes that this issue is addressed in systems running Mac OS X 10.5.3, and in Mac OS X 10.4.11 with Security Update 2008-003, which was released in late May.

In addition, Apple said that an issue exists in how the Windows desktop handles executables, that saving untrusted files to the Windows desktop may lead to the execution of arbitrary code. Apple said that Safari browser had been updated to prompt the user prior to saving a download file and that the default download location has been changed to the user's Downloads folder on Windows Vista and to the user's Documents folder on Windows XP.


Filed under: security, software
Other story tags: Windows, Safari

, , comment, del.icio.us, slashdot, digg, buzz


post a comment
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
Be the first to post comments on this story.
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

IT Education and Training at University of Phoenix®: View our complete list of Information Technology Courses and Programs. Official Site.

Get an IT Degree Online: Get solid credentials. Take your hobby to the next level. Adult Programs. Affordable.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.