Safari 4.0.4 is Faster and Safer than Previous Versions
Article by George Norman
On 12 Nov 2009
If you are a Windows, Mac OS X Tiger, Leopard or Snow Leopard user and you have Safari 4.0 installed on your machine, then you need to update. Cupertino-based software developer Apple has updated its Safari browser to version 4.0.4. This update makes the browser faster, more stable and more secure. Apple advises all Safari users to update to version 4.0.4.

Here are the changes Safari 4.0.4 brings to the table, as detailed by Apple itself:
  • Improved JavaScript performance
  • Improved Full History Search performance for users with a large number of history items
  • Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail

And now, here are the security issues that Safari 4.0.4 addresses.
  • CVE-2009-2804: ColorSync (Windows 7, Vista, XP)
Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow exists in the handling of images with an embedded color profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles.
  • CVE-2009-2414, CVE-2009-2416: libxml (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Windows 7, Vista, XP)
Impact: Parsing maliciously crafted XML content may lead to an unexpected application termination
Description: Multiple use-after-free issues exist in libxml2, the most serious of which may lead to an unexpected application termination. This update addresses the issues through improved memory handling.
  • CVE-2009-2842: Safari (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP)
Impact: Using shortcut menu options within a maliciously crafted website may lead to the disclosure of local information
Description: An issue exists in Safari's handling of navigations initiated via the "Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" shortcut menu options. Using these options within a maliciously crafted website could load a local HTML file, leading to the disclosure of sensitive information. The issue is addressed by disabling the listed shortcut menu options when the target of a link is a local file.
  • CVE-2009-2816: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP)
Impact: Visiting a maliciously crafted website may result in unexpected actions on other websites
Description: An issue exists in WebKit's implementation of Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter server for access to the resource. WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can facilitate cross-site request forgery. This issue is addressed by removing custom HTTP headers from preflight requests.
  • CVE-2009-3384: WebKit (Windows 7, Vista, XP)
Impact: Accessing a maliciously crafted FTP server could result in an unexpected application termination, information disclosure, or arbitrary code execution
Description: Multiple vulnerabilities exist in WebKit's handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code. This update addresses the issues through improved parsing of FTP directory listings.
  • CVE-2009-2841: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2)
Impact: Mail may load remote audio and video content when remote image loading is disabled
Description: When WebKit encounters an HTML 5 Media Element pointing to an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed by generating resource load callbacks when WebKit encounters an HTML 5 Media Element.
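
To make the ColorSync entry (CVE-2009-2804) concrete, here is an added example, not Apple's code and not a reproduction of the actual defect, whose details the advisory does not give. It shows the bug class (a 32-bit size calculation that wraps) next to the kind of "additional validation" a parser can apply to an ICC color profile's tag table. The function names are hypothetical and the sample profile is constructed; the layout (128-byte header, 4-byte tag count, 12-byte tag entries) is that of the ICC profile format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ICC_HEADER_LEN 128u    /* fixed ICC header size */
#define ICC_TAG_ENTRY_LEN 12u  /* signature, offset, size: 4 bytes each */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Unsafe pattern: the multiply wraps modulo 2^32, so a buffer sized with
 * this result is smaller than the table a later loop would copy into it. */
uint32_t tag_table_bytes_unchecked(uint32_t tag_count) {
    return tag_count * ICC_TAG_ENTRY_LEN;
}

/* Hardened pattern: returns 0 if the tag table is consistent, -1 if not. */
int icc_validate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < ICC_HEADER_LEN + 4u) return -1;
    uint32_t declared = be32(buf);            /* profile size field */
    if (declared > len || declared < ICC_HEADER_LEN + 4u) return -1;
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Divide instead of multiplying so count * 12 can never wrap. */
    if (count > (declared - ICC_HEADER_LEN - 4u) / ICC_TAG_ENTRY_LEN) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_LEN + 4u + (size_t)i * ICC_TAG_ENTRY_LEN;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        /* off + size could wrap as well, so compare by subtraction. */
        if (off > declared || size > declared - off) return -1;
    }
    return 0;
}

/* Constructed sample: a 256-byte zeroed profile with one tag entry. */
int icc_demo(uint32_t count, uint32_t off, uint32_t size) {
    uint8_t buf[256] = {0};
    put_be32(buf, (uint32_t)sizeof buf);
    put_be32(buf + ICC_HEADER_LEN, count);
    put_be32(buf + ICC_HEADER_LEN + 8u, off);   /* entry 0 offset field */
    put_be32(buf + ICC_HEADER_LEN + 12u, size); /* entry 0 size field */
    return icc_validate(buf, sizeof buf);
}

int main(void) {
    printf("wrapped size: %u\n", (unsigned)tag_table_bytes_unchecked(0x15555556u));
    printf("well-formed: %d, huge count: %d\n", icc_demo(1, 144, 16), icc_demo(0x15555556u, 144, 16));
    return 0;
}
```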

If you would like to download Safari 4.0.4, you can grab it straight from Apple here.

Tags: Apple, Safari, Update, Mac OS X, Windows
About the author: George Norman
George is a news editor.