[Swordmaker]

Apple updates Safari 4 Public Beta

Tuesday, May 12, 2009 - 10:30 PM EDT

Apple has released and update to Safari 4 Public Beta which is recommended for all users of the Safari 4 Public Beta and includes the latest security updates.

Safari 4 Public Beta Security Update

• libxml

CVE-ID: CVE-2008-3529

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3.

• Safari

CVE-ID: CVE-2009-0162

Available for: Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution

Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. These issues are addressed in Safari 3.2.3. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.

• WebKit

CVE-ID: CVE-2009-0945

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.

Safari Public Beta is available via Software Update.

[Swordmaker]

Safari Web Browser has been updated. Safari 3.2.3 is now available for all Safari 3 users.

Apple has also updated the public Beta of Safari 4 for all of us who have upgraded to OS X.5.7.

Once Mac users have upgraded to OS X.5.7 today, they need to run "Software Update..." under the Black Apple Menu again to let the system find the Beta update.

Safari updates Ping!

If you want on or off the Mac Ping List, Freepmail me.

[TheThinker]

I thought about downloading Safari to my PC but it sort of scares me because I don’t like messing with Murphy, especially when it comes to computers. Maybe I should just start over with a Mac when this computer dies.

[TheBattman]

The update to 3.2.3 was apparently included in my “software update” to 10.5.7, because it was nearly 500MB, and my Safari already says that version (and no new updates available).

[Ticonderoga34]

I download Safari 3.2.3 and Safari does seem faster. Then again, it could be because at this time of night, there isn’t a lot of Internet traffic on my ISP.