Home / mailings APPLE-SA-2008-04-16 Safari 3.1.1
Posted on 16 April 2008
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-04-16 Safari 3.1.1
Safari 3.1.1 is now available and addresses the following issues:
Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of
the address bar
Description: A timing issue in Safari 3.1 allows a web page to
change the contents of the address bar without loading the contents
of the corresponding page. This could be used to spoof the contents
of a legitimate site, allowing user credentials or other information
to be gathered. This issue was addressed in Safari Beta 3.0.2, but
reintroduced in Safari 3.1. This update addresses the issue by
restoring the address bar contents if a request for a new web page is
terminated. This issue does not affect Mac OS X systems.
Safari
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's file
downloading. By enticing a user to download a file with a maliciously
crafted name, an attacker may cause an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved handling of file downloads. This issue does
not affect Mac OS X systems.
WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site
scripting
Description: An issue exists in WebKit's handling of URLs containing
a colon character in the host name. Opening a maliciously crafted URL
may lead to a cross-site scripting attack. This update addresses the
issue through improved handling of URLs. Credit to Robert Swiecki of
the Google Security Team, and David Bloom for reporting this issue.
WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of
JavaScript regular expressions. The issue may be triggered via
JavaScript when processing regular expressions with large, nested
repetition counts. This may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of JavaScript regular
expressions. Credit to Charlie Miller working with TippingPoint's
Zero Day Initiative for reporting this issue.
Safari 3.1.1 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for Mac OS X v10.5.2
The download file is named: "Safari311UpdLeo.dmg"
Its SHA-1 digest is: b46cb76eab74f9af0a6eba6d2beaa5cdf7e3380f
Safari for Mac OS X v10.4.11
The download file is named: "Safari311UpdTiger.dmg"
Its SHA-1 digest is: 34f03fa4a7a44a33d78018255260c85dc341b12f
Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: dd813e7832b43245eb909850edf6d597c7c35761
Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 926346ab21a79f8c9e99f694204fb159b385e7db
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
