Apple plugs security holes in Safari on Mac, PC

Company releases Safari 3.1.1, which fixes security holes in the browser running on Windows XP, Vista, and Mac OS X machines.

Apple on Wednesday released an update to the Safari browser that plugs security holes on Macintosh and Windows machines.

Safari 3.1.1 fixes two Safari vulnerabilities that affect Windows XP or Vista and two WebKit vulnerabilities that affect Mac OS and Mac OS X Server versions 10.4.11 and 10.5.2, as well as Windows XP or Vista.

One of the two WebKit vulnerabilities could put computer users at risk of a cross-site scripting attack that can inject malicious code onto a victim's computer. The vulnerability was discovered during the PWN to OWN contest at CanSecWest last month by Dan Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators.

The other WebKit vulnerability could lead to an unexpected application termination or arbitrary code execution. Apple credited Robert Swiecki of the Google Security Team and David Bloom for reporting this issue.

The remaining two vulnerabilities, which affect only Windows XP or Vista, could lead to an unexpected application termination or arbitrary code execution, or control the contents of the address bar and spoof the contents of a legitimate site.

The Windows version of Safari 3.1.1 can be downloaded from CNET's Download.com here and the Mac version here.

Apple has more information about Safari 3.1.1 here.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the Makerbot Replicator 3D Printer and all the supplies you need to get started.