Thursday, June 14,2007 @ 9:20am
Safari 3.01 for Windows fixes security flaws
Apple has released Safari 3.01 for Windows, an update to the public beta that was announced earlier this week. The browser, now available for Windows XP and Vista, is based on the same WebKit foundation as the Mac and iPhone version. Although specific details of the update were not provided via Apple's security website, the release comes on the heels of criticism of Apple by researchers who claim to have found more than 18 security flaws in the Safari browser within a few days of its release.
The updated Safari download is not specifically noted on Apple's website, but it is available via the Apple Software update on Windows or via Apple's website. According to Macworld, the security improvements in Safari Beta 3.0.1 include a correction for a "command injection vulnerability," remedied with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript exploit. The report said that these flaws do not affect the Mac version.