Apple has released a new version of its popular Safari browser for Windows and OS X that addresses two vulnerabilities that, if exploited, could lead to system compromise or Cross-Site Scripting (XSS) attacks. Apple is advising everyone to update to version 4.0.2 of Safari as soon as possible.
The two fixes in this newest Safari release address issues in WebKit. In addition, the Nitro JavaScript engine received some performance improvements.
The first vulnerability, which deals with WebKit’s handling of parent and top objects, could have resulted in XSS attacks if a user visited a malicious webpage. The second WebKit fix centers on a memory corruption issue that could lead to code execution. The vulnerability stems from how WebKit deals with numeric character references. If exploited, the vulnerability would trigger a corruption error that would allow code execution.
Apple reports that Safari versions prior to 4.0.2 on Windows (XP or Vista), and OS X 10.4 and 10.5 are affected by the vulnerabilities. You can download the new version of Safari, which has fixed these issues, by going online or using the Software Update options.
In June, Apple issued a massive patch release for Safari that addressed over 50 vulnerabilities. At the time, the patch that earned the most notoriety was yet another WebKit issue: Apple fixed a bug in WebKit that allowed Clickjacking.
“A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase. This update addresses the issue through adoption of the industry-standard ‘X-Frame-Options’ extension header, that allows individual web pages to opt out of being displayed within a subframe,” Apple wrote.
In addition to the Clickjacking fix, Apple also patched five code execution vulnerabilities.
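The opt-out that Apple's note describes can be modelled in a few lines, which is useful when auditing whether a site's sensitive pages actually send the header. This is an added example, not code from Apple or WebKit; the function names and sample URLs are constructed, and the treatment of unrecognised header values as "no protection" is an assumption.

```javascript
// Added example: models the X-Frame-Options opt-out for auditing purposes.
// DENY and SAMEORIGIN are the header's standard values; the function names
// and the URLs used with them are constructed for illustration.

// Find the header case-insensitively and normalise its value.
function frameOptions(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'x-frame-options') {
      return String(value).trim().toUpperCase();
    }
  }
  return null;
}

// Decide whether a response served at pageUrl may be displayed in a
// subframe of the document at parentUrl.
// Assumption: an unrecognised value is treated as if the header were
// absent, so it gives no protection; audit() below flags that case.
function mayRenderInFrame(headers, pageUrl, parentUrl) {
  const policy = frameOptions(headers);
  if (policy === 'DENY') return false;
  if (policy === 'SAMEORIGIN') {
    // URL.origin compares scheme, host and port (default ports normalised).
    return new URL(pageUrl).origin === new URL(parentUrl).origin;
  }
  return true;
}

// Audit helper: classify a response so unprotected pages stand out.
function audit(headers) {
  const policy = frameOptions(headers);
  if (policy === null) return 'missing';
  if (policy === 'DENY' || policy === 'SAMEORIGIN') return 'ok';
  return 'invalid';
}
```

Running `audit` over the responses for pages that trigger actions (purchases, settings changes) shows which ones have not opted out of framing.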