Apple Goes Bug-Hunting in Safari 3.2

New browser release fixes 11 flaws and adds new security features.

WEBINAR:

How to Help Your Business Become an AI Early Adopter

On-Demand

~~Watch~~→

Posted November 16, 2008
By

Sean Michael Kerner

Apple Safari 3.2
Click to enlarge

Apple is out with an update to its Safari web browser that aims to take the bite out of several vulnerabilities -- as well as the potential for phishing attacks.

The Safari 3.2 update, available for both Windows and Mac versions of the browser, fixes at least 11 flaws, three of which are specific to its WebKit rendering engine. The flaws were found by a number of researchers including those from Apple itself as well as Google and even Microsoft.

The new update also adds an anti-phishing feature that's intended to protect users from being lured into giving away their information on fraudulent sites.

One security flaw tackled in Safari 3.2 involves how the browser processes an XML document, through which an attacker could have potentially executed arbitrary code. According to Apple's advisory, the vulnerability stems from a heap buffer overflow issue in the libxlst library (define).

The act of simply viewing a TIFF image (define) could lead to a user being exploited through another hole closed in the update. Apple credits Robert Swiecki of the Google Security Team for reporting the problem, through which viewing a maliciously crafted TIFF image could have lead to an unexpected crash or arbitrary code execution.

This article was first published on InternetNews.com.

Tags: Windows, Google, Microsoft, Mac, Safari

IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD

Which topic are you interested in?

Mobile

Security

Networks/IoT

Cloud

Data Storage

Applications

Development

IT Management

Other

What is your company size?

What is your job title?

What is your job function?

Searching our resource database to find your matches...

0 Comments (click to add your comment)

Comment and Contribute

IT Management Daily

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you datamation offers via email, phone and text message, as well as email offers about other products and services that datamation believes may be of interest to you. datamation will process your information in accordance with the Quinstreet Privacy Policy.