Apple Releases Safari 3.1.1, Addresses PWN2OWN Vulnerability

Apple has released Safari 3.1.1 for download.

Nice. Safari 3.1 was a bit weird for me.

Ooh! Let me guess what it fixes! Um... "general compatibility and security issues"

Edit: Well, actually, I forgot stability!

According to Software Update:

This update is recommended for all Safari users and includes improvements to stability, compatibility and security.

For detailed information on the security content of this update, please visit this site: http://support.apple.com/kb/HT1222

EDIT: p.s. It also requires a restart.

hope this makes a difference, it has been crazing on me for awhile now...:rolleyes:

Does anyone know if this is based on a newer version of Webkit?

CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.


WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site scripting
Description: An issue exists in WebKi's handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.


WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple's recommendation or endorsement. Please contact the vendor for additional information."

I was hoping Safari's Reset would be fixed. The reset doesn't work reliably. You have to change an option each time for it to work.

Notice the last one there - a bug in WebKit that could allow arbitrary code execution (reported by Charlie Miller)? Arbitrary code execution... sounds like what happened recently when a MacBook Air was hacked at a security conference by ... oh wait, it was Charlie Miller!

http://venturebeat.com/2008/03/28/charlie-miller-making-his-name-in-mac-hacking/

Seems like the WebKit team has patched the vulnerability.

Did someone say "snappier"? :D
I downloaded it, not sure that I see a difference yet.
Morod