With its sixth security update for 2007, Apple patches two Safari 3.0 beta vulnerabilities
Both vulnerabilities affect Safari 3.0 and could be exploited by surfing the Internet.
Only days after Apple released Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. Both vulnerabilities involve surfing the Internet. One could allow a cross site scripting attack, the other could cause a denial of service (crash). The update is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's Software Download only for systems that have installed Safari 3.0 beta. This update will not appear for Mac OS X users who have not installed Safari 3.0 beta. Users of Microsoft Windows XP and Windows Vista have additional patches available ., it has also released Security Update 2007-006. This update affects users of
Patch for WebCore
This patch affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later and addresses the vulnerability in CVE-2007-2401. When serializing headers into an HTTP request, an HTTP injection is possible within XMLHttpRequest. Successful execution could result in cross-site requests to malicious sites.
Patch for WebKit
This patch affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later and addresses the vulnerability in CVE-2007-2399. A memory corruption issue exists with invalid type conversion when rendering frame sets. Visiting a maliciously crafted Web site could allow a denial-of-service (crash) or arbitrary code execution.