Friday, November 14, 2008

Version 3.2 of Safari Web Browser Fixes Several Vulnerabilities

Apple has fixed totally 11 vulnerabilities in its Safari web browser. All vulnerabilities are related to Safari for Windows. Four of the vulnerabilities affect also Safari for Mac OS X (CVE-2008-3644, CVE-2008-2303, CVE-2008-2317 and CVE-2008-4216).

Apple updates contain fixes to the 3rd party libraries (zlib, libxslt, libTIFF and ImageIO). Among those patched are also CoreGraphics, WebCore and WebKit. Several of these patched vulnerabilities can be exploited by luring user to specially crafted website.

Vulnerable are following Safari versions:
- Safari for Mac OS X v10.4.11 prior version 3.2
- Safari for Mac OS X v10.5.5 prior version 3.2
- Safari for Windows XP prior version 3.2
- Safari for Windows Vista prior version 3.2

Users with vulnerable Safari can obtain version 3.2 either through Apple Software Update application or at http://www.apple.com/safari/download

More information on the vulnerabilities:

Security content of Safari 3.2
CVE-2005-2096
CVE-2008-1767
CVE-2008-2303
CVE-2008-2317
CVE-2008-2327
CVE-2008-2332
CVE-2008-3608
CVE-2008-3623
CVE-2008-3642
CVE-2008-3644
CVE-2008-4216

No comments: