Apple Releases Safari Beta 3.0.2, Security Update 2007-006
Changes in Safari 3.0.2 for Windows beta:
- Latest security updates
- Improved stability
- Fixes for text display, non-English systems, and start-up times
Changes in Safari 3.0.2 for Mac OS X beta:
-Latest security updates
-Improved stability
-Improved WebKit support for Mail, iChat and Dashboard
Also released today is Security Update 2007-006 for Mac OS 10.3.9 and Mac OS 10.4.9 and later. The update addresses two vulnerabilities in WebKit, one of which could lead to an unexpected application termination or arbitrary code execution. More information on the update can be found here.
Though still in beta, the initial release of Safari 3.0 had seen 8 vulnerabilities discovered within 24 hours of its release, some of which were cross-platform. Apple quickly released Safari 3.0.1 for Windows which addressed some of the Windows-specific vulnerabilities discovered.
Top Rated Comments
(View all)
The security update isn't showing up for me. :confused:
I haven't seen the security update in Software Update yet, but its on Apple's website.
Though still in beta, the initial release of Safari 3.0 had seen 8 vulnerabilities discovered within 24 hours of its release, some of which were cross-platform. Apple quickly released Safari 3.0.1 for Windows which addressed some of the Windows-specific vulnerabilities discovered.
So some of the Apple vulnerabilities haven't been fixed yet? I haven't downloaded Safari 3 myself (quite fond of Firefox) but I thought I'd check it out.
Visiting a malicious website may allow cross-site requestsAn HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
WebKit
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionAn invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
So some of the Apple vulnerabilities haven't been fixed yet? I haven't downloaded Safari 3 myself (quite fond of Firefox) but I thought I'd check it out.
yeah... 3.0.1 only addressed the Windows-specific vulnerabilities. Some folks took that to mean that the vulnerabilities that were found WERE only windows-specific, but that's not the case. Apple just took a little while to fix the rest of them. Even now, I'm not sure whether all of them have been patched, as a few more have been trickling out, although they haven't been as severe, hence why we haven't been covering them.
[ Read All Comments ]
Analytics firm Chitika today released a report showing that by its metrics iOS has now surpassed OS X in overall web traffic share in the United States. Chitika's methodology involves an analysis...
One of the most frequent reasons for an iPhone to go on a trip to the Apple Store's Genius Bar is because of water damage. Typically, a water damaged iPhone can be replaced for a flat $199...
TheVerge's Joshua Topolsky summarizes the iPad 3 casing findings reported earlier today, but also adds his own sources regarding some details of the iPad 3.
Image from RepairLabs
As...
Last July, Apple discontinued the white MacBook from its consumer lineup, pushing consumers toward the company's popular MacBook Air line or the 13-inch MacBook Pro. The company didn't kill...
Popular iPhone Twitter client Tweetbot has finally arrived on the iPad, with a user interface instantly familiar to any current Tweetbot user. Designed for the Twitter power-user, Tweetbot packs a...
