Home / mailings APPLE-SA-2009-02-12 Safari 3.2.2 for Windows
Posted on 12 February 2009
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2009-02-12 Safari 3.2.2 for Windows
Safari 3.2.2 for Windows is now available and addresses the
following:
Safari
CVE-ID: CVE-2009-0137
Available for: Windows XP or Vista
Impact: Accessing a maliciously crafted feed: URL may lead to
arbitrary code execution
Description: Multiple input validation issues exist in Safari's
handling of feed: URLs. The issues allow execution of arbitrary
JavaScript in the local security zone. This update addresses the
issues through improved handling of embedded JavaScript within feed:
URLs. These issues do not affect Mac OS X systems that have applied
Security Update 2009-001. Credit to Clint Ruoho of Laconic Security,
Billy Rios of Microsoft, and Brian Mastenbrook for reporting these
issues.
Safari 3.2.2 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: b378edc94eb7379056c7969ac918882dc703b53c
Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 25efd930a24603f8850d374ff7bf9b76b9a79bce
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
