April 16, 2008 2:46 PM PDT

Apple plugs security holes in Safari on Mac, PC

by Elinor Mills
  • Font size
  • Print
  • 13 comments

Apple on Wednesday released an update to the Safari browser that plugs security holes on Macintosh and Windows machines.

Safari 3.1.1 fixes two Safari vulnerabilities that affect Windows XP or Vista and two WebKit vulnerabilities that affect Mac OS and Mac OS X Server versions 10.4.11 and 10.5.2, as well as Windows XP or Vista.

One of the two WebKit vulnerabilities could put computer users at risk of a cross-site scripting attack that can inject malicious code onto a victim's computer. The vulnerability was discovered during the PWN to OWN contest at CanSecWest last month by Dan Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators.

The other WebKit vulnerability could lead to an unexpected application termination or arbitrary code execution. Apple credited Robert Swiecki of the Google Security Team and David Bloom for reporting this issue.

The remaining two vulnerabilities, which affect only Windows XP or Vista, could lead to an unexpected application termination or arbitrary code execution, or control the contents of the address bar and spoof the contents of a legitimate site.

The Windows version of Safari 3.1.1 can be downloaded from CNET's Download.com here and the Mac version here.

Apple has more information about Safari 3.1.1 here.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security,

Apple

Tags:

security,

Apple,

Safari

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Safari the memory hog
Firefox, Adobe top buggiest-software list
The browser battles go on and on
Chrome edges out Safari in browser usage
Mozilla pushes back Firefox 3.6, 4.0 deadlines
Microsoft plugs zero-day IE hole
Microsoft actively urges IE 6 users to upgrade
Week in review: A matter of antitrust
Add a Comment (Log in or register) (13 Comments)
  • prev
  • 1
  • next
Nice
by pgp_protector April 16, 2008 3:47 PM PDT
Now stop trying to install Safari.
I don't need an update for it, I don't have it installed.
I might what my Quick time to update, but that's all.
Reply to this comment
"Now stop trying to install Safari."
by krosavcheg April 16, 2008 4:42 PM PDT
Open Apple Software Update. Check the programs you do NOT
want to install (in your case just Safari). In the Tools menu, select
"Ignore Selected Updates". Magic ensues.

If you later decide you DO want one of the items you previously
chose to ignore, select "Restore Ignored Updates".

That wasn't too hard, was it?
View reply
@merc32
by Maclover1 April 17, 2008 7:58 AM PDT
I dont like it on any OS. I am equally disappointed with it all.

I thinks its funny that everyone is up in arms about Apple doing it
now, since its been going on by MS for years.

Like I said, dont like it, dont install it. Its your only choice.
View reply
What's this?
by McPlot April 17, 2008 5:17 AM PDT
What's this? Apple software isn't perfect and can have security holes? Wow, you would never know it with all the Apple Zealots out there saying you do not even need any security software!
Reply to this comment
It is true!
by Lee in San Diego April 17, 2008 5:33 AM PDT
Unlike trolls, Apple isn't perfect.
The only Ant-anything my Macs have
by Maclover1 April 17, 2008 5:36 AM PDT
are OS X. Its Anti-Windows. I have never installed AV on my Macs.
I forget viruses exist until I use a PC.
(13 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET