Safari 4.0.4 is Faster and Safer than Previous Versions
If you are a Windows, Mac OS X Tiger, Leopard or Snow Leopard user and you have Safari 4.0 installed on your machine, then you need to update. Cupertino-based software developer Apple has updated its Safari browser to version 4.0.4. This update makes the browser faster, more stable and more secure. Apple advises all Safari users to update to version 4.0.4.
Here are the changes Safari 4.0.4 brings to the table, as detailed by Apple itself:
- Improved JavaScript performance
- Improved Full History Search performance for users with a large number of history items
- Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail
And now, here are the security issues that Safari 4.0.4 addresses.
- CVE-2009-2804: ColorSync (Windows 7, Vista, XP)
Description: An integer overflow exists in the handling of images with an embedded color profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles.
- CVE-2009-2414, CVE-2009-2416: libxml (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Windows 7, Vista, XP)
Description: Multiple use-after-free issues exist in libxml2, the most serious of which may lead to an unexpected application termination. This update addresses the issues through improved memory handling.
- CVE-2009-2842: Safari (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP)
Description: An issue exists in Safari's handling of navigations initiated via the "Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" shortcut menu options. Using these options within a maliciously crafted website could load a local HTML file, leading to the disclosure of sensitive information. The issue is addressed by disabling the listed shortcut menu options when the target of a link is a local file.
- CVE-2009-2816: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP)
Description: An issue exists in WebKit's implementation of Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter server for access to the resource. WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can facilitate cross-site request forgery. This issue is addressed by removing custom HTTP headers from preflight requests.
- CVE-2009-3384: WebKit (Windows 7, Vista, XP)
Description: Multiple vulnerabilities exist in WebKit's handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code. This update addresses the issues through improved parsing of FTP directory listings.
- CVE-2009-2841: WebKit (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2)
Description: When WebKit encounters an HTML 5 Media Element pointing to an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed by generating resource load callbacks when WebKit encounters an HTML 5 Media Element.
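The preflight behaviour described under CVE-2009-2816 above, modelled as an added example (not WebKit's code and not taken from Apple's advisory). It builds the preflight with and without the page's custom headers and runs both past a server-side check. The request shape, the function names, the `X-Requested-With` check and the `.example` hosts are assumptions made for illustration.

```javascript
// Added illustration, not WebKit code. All names and the sample request are constructed.
// Simplified list of "simple" headers (Content-Type value restrictions are ignored).
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);

// Author-set header names that are not "simple" and therefore trigger a preflight.
function customHeaderNames(headers) {
  return Object.keys(headers)
    .map((name) => name.toLowerCase())
    .filter((name) => !SIMPLE_HEADERS.has(name))
    .sort();
}

// Preflight after the fix: custom headers are announced by name only.
function buildPreflight(req) {
  return {
    method: "OPTIONS",
    url: req.url,
    headers: {
      "Origin": req.origin,
      "Access-Control-Request-Method": req.method,
      "Access-Control-Request-Headers": customHeaderNames(req.headers).join(", "),
    },
  };
}

// Model of the behaviour before the fix: the custom headers themselves ride along.
function buildPreflightBeforeFix(req) {
  const preflight = buildPreflight(req);
  for (const [name, value] of Object.entries(req.headers)) {
    if (!SIMPLE_HEADERS.has(name.toLowerCase())) preflight.headers[name] = value;
  }
  return preflight;
}

// Hypothetical server-side CSRF check: a custom header is taken as proof that
// the request was made by the site's own script.
function passesCustomHeaderCheck(httpRequest) {
  const names = Object.keys(httpRequest.headers).map((n) => n.toLowerCase());
  return names.includes("x-requested-with");
}

// Server-side guard that holds with either browser behaviour: a preflight never changes state.
function mayChangeState(httpRequest) {
  return httpRequest.method !== "OPTIONS" && passesCustomHeaderCheck(httpRequest);
}

// Constructed sample: a page on another origin asks for a POST carrying a custom header.
const sample = { origin: "https://other.example", url: "https://app.example/settings", method: "POST",
  headers: { "X-Requested-With": "XMLHttpRequest", "Accept": "application/json" } };
```

With the fixed preflight the custom header appears only as a name inside `Access-Control-Request-Headers`, so the server's header check does not pass until the server has answered the preflight and the actual request is sent.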
If you would like to download Safari 4.0.4, you can grab it straight from Apple here.
Tags: Apple, Safari, Update, Mac OS X, Windows