Apple released security fixes for their browser Safari yesterday, including the one discovered by Charlie Miller during the PWN2OWN contest at CanSecWest. The update on Safari is good for Tiger, Leopard, XP, and Vista users.
Safari patched to correct CanSecWest flaw along with errors on XP and Vista.
The patch that everyone is talking about is the one from PWN2OWN. The vulnerability corrected here netted the researcher $10,000 from TippingPoint after he took all of two minutes to take control of the MacBook Air. We now know that the exploit used relates to the regular expression compiler in WebKit. According to the ZDI disclosure, nesting regular expressions with large repetitions causes a heap overflow, which in turn allows the execution of arbitrary code.
The exploit Miller used required a user to click on a malicious page, proving that while the overall operating system might be secure, user interaction will defeat most security systems every time.
WebKit got another security patch cleaning up an issue related to Cross-Site Scripting (XSS) attacks. In this vulnerability, the handling of URLs containing a colon character in the hostname can lead to an XSS attack if a user follows a link to a malicious URL.
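For applications that accept URLs from users, here is an added example (not Apple's or WebKit's code) of a strict pre-check that accepts a colon in the authority only as a numeric port separator or inside a bracketed IPv6 literal. The function name `checkAuthority` and the sample hosts are hypothetical.

```javascript
// Added example: strict authority check for http(s) URLs (not WebKit code).
// A colon is accepted only as the host/port separator or inside an IPv6 literal.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function checkAuthority(rawUrl) {
  const m = /^(https?):\/\/([^\/?#]*)/i.exec(rawUrl);
  if (!m) return { ok: false, reason: "not an absolute http(s) URL" };
  const authority = m[2];
  // Refuse userinfo outright so "trusted-name@other-host" forms fail early.
  if (authority.includes("@")) return { ok: false, reason: "userinfo present" };
  let host = authority, port = null;
  if (authority.startsWith("[")) {
    // IPv6 literal: colons are legal only between the brackets.
    const end = authority.indexOf("]");
    if (end === -1) return { ok: false, reason: "unterminated IPv6 literal" };
    host = authority.slice(0, end + 1);
    const rest = authority.slice(end + 1);
    if (rest !== "" && rest[0] !== ":") return { ok: false, reason: "junk after IPv6 literal" };
    if (rest !== "") port = rest.slice(1);
    if (!/^\[[0-9a-f:.]+\]$/i.test(host)) return { ok: false, reason: "bad IPv6 literal" };
  } else {
    const parts = authority.split(":");
    if (parts.length > 2) return { ok: false, reason: "colon in hostname" };
    host = parts[0];
    if (parts.length === 2) port = parts[1];
    if (host === "" || !host.split(".").every((label) => LABEL.test(label)))
      return { ok: false, reason: "invalid hostname" };
  }
  // A non-numeric "port" means the colon was really part of the host text.
  if (port !== null && (!/^[0-9]{1,5}$/.test(port) || Number(port) > 65535))
    return { ok: false, reason: "colon in hostname" };
  return { ok: true, host: host.toLowerCase(), port: port === null ? null : Number(port) };
}

// Constructed sample inputs (example.test names are placeholders).
const SAMPLES = [
  "http://www.example.test/",
  "https://www.example.test:8443/path",
  "http://www.example.test:evil.test/",
  "http://a:b:80/",
  "http://[::1]:8080/",
];
for (const u of SAMPLES) console.log(u, JSON.stringify(checkAuthority(u)));
```

The check is deliberately stricter than a browser's URL parser: anything it cannot classify unambiguously is rejected rather than normalised.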
Safari itself gets two patches, one to deal with address bar spoofing and the other to deal with memory corruption. The Safari patches are available for Windows XP and Vista and do not affect OS X, according to the Apple website.
The spoofing vulnerability was fixed in Safari Beta 3.0.2, and resurfaced in 3.1. A timing issue allows a web page to change the contents of the address bar without loading the contents of the corresponding page. Apple says that this could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered.
The memory issue patched in the update released yesterday takes place after a user downloads a maliciously named file. An attacker can use this to cause an unexpected application termination or arbitrary code execution.
The update to Safari weighs in at about 40MB.
You can learn more here: http://support.apple.com/kb/HT1467
The download for Safari 3.1.1 is here: http://www.apple.com/support/downloads/safari311.html