Apple patches critical Safari holes

By Shaun Nichols on Apr 18, 2008 7:07 AM
Filed under Security

Apple has patched four security vulnerabilities in Safari affecting the Mac OS X and Windows versions of the web browser.

The vulnerabilities range from cross-site scripting to remote code execution.

For Windows XP and Vista users, the update addresses four flaws. Two of the vulnerabilities, a memory overflow error in the browser itself and a buffer overflow in the JavaScript component, could be exploited by an attacker to remotely install and execute malware on a target system.

Another flaw in the browser could allow for a URL to be displayed without the page itself being loaded. Apple warned that this could be exploited by an attacker to spoof legitimate sites by displaying normal URLs with forged web pages.

The fourth vulnerability is a flaw in the browser's WebKit component. An attacker could use a malformed URL to exploit the vulnerability and perform a cross-site scripting attack.

Mac users will receive updates for just two of the four flaws. Apple patched the JavaScript remote code execution flaw as well as the cross-site scripting vulnerability in the OS X version of the Safari patch.

Users can download the Safari update through Apple's Software Update application or from the company's Safari download site.

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Apple patches critical Safari holes
 
 
 
 
 
Top Stories
Aussie Intercloud push: Data#3, Infront and Ethan join
Local systems integrators among Cisco's 30 global partners.
 
iiNet and Dodo in hot water over billing conduct
ACMA targets direct debit practices.
 
Reseller caught pretending to be Telstra partner
ACCC canes Zen Telecom with $225,000 fine.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
What's the best protection against bad debts?



Latest Comments
CRN Magazine

Issue: 331 | September 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.