Added on 12 Nov 2009(528 Views)
If you are a Windows, Mac OS X Tiger, Leopard or Snow Leopard user and you have Safari 4.0 installed on your machine, then you need to update. Cupertino-based software developer Apple has updated its Safari browser to version 4.0.4. This update makes the browser faster, more stable and more secure. Apple advises all Safari users to update to version 4.0.4 Here are the changes Safari 4.0.4 brings to the table, as detailed by Apple itself:
- Improved JavaScript performance
- Improved Full History Search performance for users with a large number of history items
- Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail
And now, here are the security issues that Safari 4.0.4 addresses.
- CVE-2009-2804: ColorSync (Windows 7, Vista, XP)
Description: An integer overflow exists in the handling of images with an embedded color profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles
- CVE-2009-2414, CVE-2009-2416: libxml (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Windows 7, Vista, XP)
Description: Multiple use-after-free issues exist in libxml2, the most serious of which may lead to an unexpected application termination. This update addresses the issues through improved memory handling.
- CVE-2009-2842: Safari (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP)
Description: An issue exists in Safari's handling of navigations initiated via the "Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" shortcut menu options. Using these options within a maliciously crafted website could load a local HTML file, leading to the disclosure of sensitive information. The issue is addressed by disabling the listed shortcut menu options when the target of a link is a local file.
- CVE-2009-2816: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP)
Description: An issue exists in WebKit's implementation of Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter server for access to the resource. WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can facilitate cross-site request forgery. This issue is addressed by removing custom HTTP headers from preflight requests.
- CVE-2009-3384: WebKit (Windows 7, Vista, XP)
Description: Multiple vulnerabilities exist in WebKit's handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code. This update addresses the issues through improved parsing of FTP directory listings.
- CVE-2009-2841: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2)
Description: When WebKit encounters an HTML 5 Media Element pointing to an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed by generating resource load callbacks when WebKit encounters an HTML 5 Media Element.
If you would like to download Safari 4.0.4, you can grab it straight from Apple here.
Don't forget to:
RSSTags: Apple, Safari, Update, Mac OS X, Windows
Link to this article:
Add comment:
Software News
Chromium OS Goes Open-Source
This summer Google let the world know that it is working on a new operating system meant for the user that spends most of his time online. The operating system – aptly named Chrome OS because it is a natural extension...
This summer Google let the world know that it is working on a new operating system meant for the user that spends most of his time online. The operating system – aptly named Chrome OS because it is a natural extension...
20 Nov 2009
Office 2010 Beta Downloads Available to the Public
Earlier this week Redmond-based software giant Microsoft announced that Office 2010 became available for download as a Beta. The catch was that only ...
Earlier this week Redmond-based software giant Microsoft announced that Office 2010 became available for download as a Beta. The catch was that only ...
20 Nov 2009
Mozilla Releases: Firefox 3.6 Beta 3
The development process of the Firefox 3.6 browser is moving along rapidly. The first Beta version was released at the start of the month; Beta 2 was released about two weeks after Beta 1. About a week has passed since...
The development process of the Firefox 3.6 browser is moving along rapidly. The first Beta version was released at the start of the month; Beta 2 was released about two weeks after Beta 1. About a week has passed since...
20 Nov 2009
New Labs Feature for Gmail: Green Robot!
The software developers at Google have announced the release of a new Gmail Labs offering called Green Robot! This new offering is meant to improve the Gmail Chat user experience by letting the ...
The software developers at Google have announced the release of a new Gmail Labs offering called Green Robot! This new offering is meant to improve the Gmail Chat user experience by letting the ...
20 Nov 2009
Opera Mobile 10 Beta for Windows Mobile Is Out Also
Opera Software, the company that we all know for making the innovative and feature rich Opera web browser, has released Opera Mobile 10 Beta for Windows Mobile-powered devices. This release follows in the...
Opera Software, the company that we all know for making the innovative and feature rich Opera web browser, has released Opera Mobile 10 Beta for Windows Mobile-powered devices. This release follows in the...
19 Nov 2009
Beta Testing is Over, Stable Version of Trillian for iPhone Released
The focus so far has been on desktop version of this multiprotocol instant messaging software application, Trillian Astra (version 4.1). Today is time to switch focus away from the desktop version and onto something a bit more...
The focus so far has been on desktop version of this multiprotocol instant messaging software application, Trillian Astra (version 4.1). Today is time to switch focus away from the desktop version and onto something a bit more...
19 Nov 2009
Recommended Tools
Registry Booster 2010 Enhanced, deeper and faster error scan performance. Now also in 5 languages! Free Scan
Driver Scanner 2009
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
SpeedUpMyPC 2009
How fast is your PC really running? Turbo-charge your Internet and PC performance here
How fast is your PC really running? Turbo-charge your Internet and PC performance here
Nero Burning ROM
LimeWire Basic
Yahoo! Messenger
Winamp
Mozilla Firefox
eMule
BitComet
iTunes
Google Earth
uTorrent