Apple has issued a second security update for the Windows Safari browser less than two weeks after its launch.
The four security fixes are part of a larger Safari 3.0.2 beta release for Mac OS X and Windows. Both packs contain stability fixes in addition to the security update.
Only one of the four vulnerabilities for the Windows version could allow for remote code execution. The flaw lies in the WebKit component used by Safari.
This could be exploited by an attacker to launch an exploit by directing the user to a specially crafted webpage. This page could cause an application crash and give the attacker the ability to install malware on the victim's computer.
Two of the vulnerabilities could leave users open to cross-site scripting attacks, while the remaining flaw gave attackers the ability to spoof legitimate websites.
One vulnerability allows attackers to conduct cross-site scripting attacks by using specially-crafted JavaScript code to redirect the user, while another allows cross-site scripting via a malformed HTTP request coded into a web page.
The fourth vulnerability allows an attacker arbitrarily to edit the information that appears in the URL bar. An attacker could exploit the vulnerability to make a malicious site appear with the URL of a trusted one.
Mac users will see two security fixes in the Safari update. Both the WebKit and HTTP-injection vulnerabilities affect OS X as well as Windows.
The updates also contain stability fixes for 16 performance and stability bugs in Windows and nine in OS X.
Four more fixes for Windows Safari
By
Shaun Nichols
on Jun 26, 2007 9:20AM
Security updates pile up for Apple browser.
Got a news tip for our journalists? Share it with us anonymously here.
