Safari 4.0.3 for Windows and Mac OS X Fixes Stability, Compatibility and Security Issues
Just the other week Apple released an update for Leopard, namely Mac OS X 10.5.8, which not only fixed quite a few security issues but also updated Mac OS X users to Safari 4.0.2 (even those running Safari 3 on their machine). Apple has now updated the Safari browser to version 4.0.3 and released it to Mac and Windows users.
The Safari 4.0.3 update is meant for Windows, Mac OS X 10.5 Leopard and Mac OS X 10.4 Tiger users who have the browser installed on their systems. By installing the update you can expect the browser to be more stable, compatible and secure. These are the “stability, compatibility and security” improvements included in Safari 4.0.3 that Apple detailed:
Stability improvements for webpages that use the HTML 5 video tag
Stability improvements for 3rd-party plug-ins
Stability improvements for Top Sites
Fixes an issue that prevented some users from logging into iWork.com
Fixes an issue that could cause web content to be displayed in greyscale instead of color
And here are the security issues that Safari 4.0.3 addresses:
CVE-2009-2468: CoreGraphics (Windows XP and Vista)
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the drawing of long text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
CVE-2009-2188: ImageIO (Windows XP and Vista)
Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
CVE-2009-2196: Safari (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista)
Impact: A maliciously crafted website may be promoted into Safari's Top Sites view
Description: Safari 4 introduced the Top Sites feature to provide an at-a-glance view of a user's favorite websites. It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions. This could be used to facilitate a phishing attack. This issue is addressed by preventing automated website visits from affecting the Top Sites list. Only websites that the user visits manually can be included in the Top Sites list. As a note, Safari enables fraudulent site detection by default. Since the introduction of the Top Sites feature, fraudulent sites are not displayed in the Top Sites view.
CVE-2009-2195: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista)
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in WebKit's parsing of floating point numbers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
CVE-2009-2200: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista)
Impact: Visiting a maliciously crafted website and clicking "Go" when viewing a malicious plug-in dialog may lead to the disclosure of sensitive information
Description: WebKit allows the pluginspage attribute of the 'embed' element to reference file URLs. Clicking "Go" in the dialog that appears when an unknown plug-in type is referenced will redirect to the URL listed in the pluginspage attribute. This may allow a remote attacker to launch file URLs in Safari, and lead to the disclosure of sensitive information. This update addresses the issue by restricting the pluginspage URL scheme to http or https.
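The fix described above, modelled as an added example (not Apple's or WebKit's code): the pre-4.0.3 behaviour resolves the pluginspage attribute and navigates to whatever comes out, including file URLs, while the hardened version allows only the parsed http or https scheme. The function names and sample values are assumptions for illustration.

```javascript
// Added example, not WebKit's own code: how the "Go" button target for an
// unknown plug-in should be derived from the pluginspage attribute.

// Behaviour the advisory describes as fixed: any resolvable URL is accepted,
// so a page can point the dialog at file:///... on the local machine.
function legacyPluginspageTarget(attrValue, documentURL) {
  try {
    return new URL(attrValue, documentURL).href;
  } catch {
    return null;
  }
}

// Hardened behaviour: only http or https, decided on the parsed, normalised
// scheme rather than on a string prefix of the raw attribute value.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function pluginspageTarget(attrValue, documentURL) {
  let target;
  try {
    // Relative values resolve against the embedding document, as in a browser.
    target = new URL(attrValue, documentURL);
  } catch {
    return null; // unparsable attribute: nothing to navigate to
  }
  return ALLOWED_SCHEMES.has(target.protocol) ? target.href : null;
}
```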
CVE-2009-2199: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista)
Impact: Look-alike characters in a URL could be used to masquerade a website
Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by supplementing WebKit's list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar.
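The address-bar policy described above, as an added example that is not Apple's or WebKit's code: a hostname label is shown in Unicode only when it cannot be mistaken for another script's letters; otherwise the Punycode form that the network actually resolves is displayed. It assumes a small constructed look-alike table in place of WebKit's full list and two simplified rules (no script mixing inside a label; a label made entirely of look-alikes is always shown as Punycode).

```javascript
// Added example, not WebKit's own code: decide how a hostname is displayed.

// Constructed subset of Cyrillic and Greek letters that render like Latin ones.
const LOOKALIKES = new Set([
  '\u0430', '\u0435', '\u043e', '\u0440', '\u0441', '\u0445', '\u0443', // Cyrillic a e o p c x y
  '\u0456', '\u0455',                                                  // Cyrillic i, dze (s)
  '\u03bf', '\u03bd',                                                  // Greek omicron, nu
]);

function scriptOf(ch) {
  if (/\p{Script=Latin}/u.test(ch)) return 'Latin';
  if (/\p{Script=Cyrillic}/u.test(ch)) return 'Cyrillic';
  if (/\p{Script=Greek}/u.test(ch)) return 'Greek';
  return /\p{L}/u.test(ch) ? 'Other' : null; // digits and hyphens carry no script
}

// True when a label mixes scripts or consists only of look-alike letters.
function labelIsSuspicious(label) {
  const scripts = new Set();
  let lookalikeOnly = label.length > 0;
  for (const ch of label) {
    const s = scriptOf(ch);
    if (s) scripts.add(s);
    if (!LOOKALIKES.has(ch)) lookalikeOnly = false;
  }
  return scripts.size > 1 || lookalikeOnly;
}

// Address-bar text for a hostname taken from a link or typed by the user:
// Unicode when every label is unambiguous, Punycode (xn--) otherwise.
function displayHostname(host) {
  const suspicious = host.split('.').some(labelIsSuspicious);
  // The WHATWG URL parser applies IDNA ToASCII, which yields the xn-- form.
  return suspicious ? new URL('http://' + host).hostname : host;
}
```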
If you would like to get Safari 4.0.3, a download location is available here.
Tags: Apple, Safari 4.0.3, Update, Security, Stability, Compatibility