Apple on Thursday released a new version of Safari for Windows that includes a security fix for a high-profile carpet-bombing desktop attack vulnerability previously dismissed by the Cupertino vendor. The Safari update is only for Windows users, not Mac OSX versions. Version 3.1.2 of Safari for Windows can be downloaded and installed from Apple Downloads, or you can download Safari 3.1 here.
BMP or GIF image memory error
This patch only affects users of Windows XP or Vista. The update addresses CVE-2008-1573, an out-of-bounds memory read vulnerability. The error may occur in the handling of BMP and GIF images, which may lead to the disclosure of memory contents. Apple credits Gynvael Coldwind of Hispasec for reporting the vulnerability.
Carpet bombing attack
This patch only affects users of Windows XP or Vista. The update addresses CVE-2008-2540, a vulnerability in how Windows desktop handles executable files. Apple explains: "Saving an untrusted file to the Windows desktop may trigger the issue, and lead to the execution of arbitrary code. Web browsers are a means by which files may be saved to the desktop. To help mitigate this issue, the Safari browser has been updated to prompt the user prior to saving a download file. Also, the default download location is changed to the user's Downloads folder on Windows Vista, and to the user's Documents folder on Windows XP." Apple credits Aviv Raff for reporting the vulnerability.
Internet Explorer 7
This patch only affects users of Windows XP or Vista. The update addresses CVE-2008-2306 which is an Internet Explorer 7 vulnerability. Apple explains: "If a Web site is in an Internet Explorer 7 zone with the 'Launching applications and unsafe files' setting set to 'Enable,' or if a Web site is in the Internet Explorer 6 'Local intranet' or 'Trusted sites' zone, Safari will automatically launch executable files that are downloaded from the site. This update addresses the issue by not automatically launching downloaded executable files, and by prompting the user before downloading a file if the 'always prompt' setting is enabled." Apple credits Will Dormann of CERT/CC for reporting the vulnerability.