toggle

AAPL Stock: 111.78 ( -0.87 )

Printed from http://www.macnn.com

Safari 4 resolves numerous security issues

updated 07:00 pm EDT, Mon June 8, 2009

Safari security updated V4

The new Safari 4.0, announced today at the WWDC keynote address, includes a host of security enhancements. Issues with CFNetworks have been resolved, with the program examining the content of CFNetwork files and treat them as HTML, and downloading files to the user's secure temporary direction location. CoreGraphics has also been enhanced, fixing memory corruption issues by improving bounds checking, error checking and input validation of TrueType font data.

ImageIO problems such as uninitialized pointer issues when opening PNG files have been resolved by performing additional validation of each image. V4.0 also fixes Internal Components for Unicode, improving handling of invalid byte sequences, therefore stopping attackers that attempt to bypass filters on websites.

libxml2 version 2.6.16 has numerous errors that can lead to application failure and arbitrary code negation. On Windows this is fixed by updating libxml2 to version 2.7.3, while on Mac OS X these issues are fixed by applying relevant patched.

Safari Windows has problems such as disclosure of sensitive information embedded in the browser cookies, and application reset malfunctions, which have been fixed. The Safari Windows Installer also resolves privilege issues by using a different compression method in the installer. On Mac, issues such as handling of Extended Validation certificates and unwanted disclosure of local file content have also been fixed.

WebKit resolves numerous problems by improving how the program handles byte order mark sequences, color settings, and style sheets. Other issues are also fixed by not rending Unicode ideographic spaces in the address bar, initializing the internal representation of HTML tables, allowing individual web pages to opt out of being displayed within a subframe, and ensuring event handlers are not able to directly affect an in-progress page transition. The update settles issues such as attackers attempts to duplicate embedded files with different security zones, and memory corruption caused by assigning an exception to a constant variable. Numerous other WebKit fixes have been made with the update.

Safari 4 is available for download from the Apple website for free.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. phillymjs

    Joined: Dec 1969

    0

    Annoyances...

    Still doesn't leave the cursor in the Google search field if it's in there when you create a new tab.

    The Choose File... button doesn't work in Outlook Web Access, nor can I select a photo to upload to Facebook.

    Both of these issues existed in the beta and I reported them as bugs. Oh well, at least the tabs are back to normal.

  1. jpellino

    Joined: Dec 1969

    0

    Jpeg dragging works.

    jpeg files dragged to the finder no longer have an additional ".jpeg" suffix added to their existing suffix as they did in the beta. Anyone know if we can turn Java back on yet?

  1. testudo

    Joined: Dec 1969

    -4

    Java

    Nope, because the problem is with java, not safari. But give apple some time. 6 months is not enough time to fix a security issue.

  1. Chris Hutcheson

    Joined: Dec 1969

    +1

    Fckedit?

    Still seems to have problems working with fckedit in some applications - updating in Joomla seemed to resolve this, but not so much in Drupal. Seems odd, when it works (and has for years) with Firefox

  1. shawnde

    Joined: Dec 1969

    0

    re: Annoyances...

    Hmm, I didn't know you could access Outlook Web Access on Safari? I thought that was an ActiveX control. Have they changed it?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented