Apple Inc. has released version 3.1.1 of the Safari web browser to address several serious security problems. One of the vulnerabilities that has been fixed was widely publicized after being used to compromise a MacBook Air during a security conference. The update is available for both Mac and PC at about 39MB. It is highly recommended for all Safari users to ensure the security of their systems.
In total, four security bugs have been fixed by Apple. The aforementioned publicized security bug used to compromise a MacBook Air laptop at last month's CanSecWest security conference won Charlie Miller a $10,000 prize. The bugs also included a a heap buffer overflow present the browser's WebKit framework for handling JavaScript.
A second issue in the WebKit framework was also addressed. It involved WebKit's handling of URLs that contain a colon character in the host name, which could have been exploited by a malicious user to create a crafted URL to lead a cross-site scripting attack. Two other issues allowed malicious users to manipulate the contents of the address bar, or to execute arbitrary code.
Get regular news updates from AfterDawn.com by subscribing to our RSS feeds using the Subscribe button below. If you have been living in a cave for a few years now and don't know how to use RSS feeds, then Click Here to read a Guide on how to use RSS (and other) feeds.
A second issue in the WebKit framework was also addressed. It involved WebKit's handling of URLs that contain a colon character in the host name, which could have been exploited by a malicious user to create a crafted URL to lead a cross-site scripting attack. Two other issues allowed malicious users to manipulate the contents of the address bar, or to execute arbitrary code.
Get regular news updates from AfterDawn.com by subscribing to our RSS feeds using the Subscribe button below. If you have been living in a cave for a few years now and don't know how to use RSS feeds, then Click Here to read a Guide on how to use RSS (and other) feeds.
