Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Apple plugs security holes in Safari on Mac, PC

Company releases Safari 3.1.1, which fixes security holes in the browser running on Windows XP, Vista, and Mac OS X machines.

Apple on Wednesday released an update to the Safari browser that plugs security holes on Macintosh and Windows machines.

Safari 3.1.1 fixes two Safari vulnerabilities that affect Windows XP or Vista and two WebKit vulnerabilities that affect Mac OS and Mac OS X Server versions 10.4.11 and 10.5.2, as well as Windows XP or Vista.

One of the two WebKit vulnerabilities could put computer users at risk of a cross-site scripting attack that can inject malicious code onto a victim's computer. The vulnerability was discovered during the PWN to OWN contest at CanSecWest last month by Dan Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators.

The other WebKit vulnerability could lead to an unexpected application termination or arbitrary code execution. Apple credited Robert Swiecki of the Google Security Team and David Bloom for reporting this issue.

The remaining two vulnerabilities, which affect only Windows XP or Vista, could lead to an unexpected application termination or arbitrary code execution, or control the contents of the address bar and spoof the contents of a legitimate site.

The Windows version of Safari 3.1.1 can be downloaded from CNET's here and the Mac version here.

Apple has more information about Safari 3.1.1 here.