Apple plugs security holes in Safari on Mac, PC

Company releases Safari 3.1.1, which fixes security holes in the browser running on Windows XP, Vista, and Mac OS X machines.

Apple on Wednesday released an update to the Safari browser that plugs security holes on Macintosh and Windows machines.

Safari 3.1.1 fixes two Safari vulnerabilities that affect Windows XP or Vista and two WebKit vulnerabilities that affect Mac OS and Mac OS X Server versions 10.4.11 and 10.5.2, as well as Windows XP or Vista.

One of the two WebKit vulnerabilities could put computer users at risk of a cross-site scripting attack that can inject malicious code onto a victim's computer. The vulnerability was discovered during the PWN to OWN contest at CanSecWest last month by Dan Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators.

The other WebKit vulnerability could lead to an unexpected application termination or arbitrary code execution. Apple credited Robert Swiecki of the Google Security Team and David Bloom for reporting this issue.

The remaining two vulnerabilities, which affect only Windows XP or Vista, could lead to an unexpected application termination or arbitrary code execution, or control the contents of the address bar and spoof the contents of a legitimate site.

The Windows version of Safari 3.1.1 can be downloaded from CNET's Download.com here and the Mac version here.

Apple has more information about Safari 3.1.1 here.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Uber's tumultuous ups and downs in 2014 (pictures)
The best and worst quotes of 2014 (pictures)
A roomy range from LG (pictures)
This plain GE range has all of the essentials (pictures)
Sony's 'Interview' heard 'round the world (pictures)
Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)