Apple plugs three Safari for Windows holes

Apple has responded swiftly to the discovery of vulnerabilities in its new Safari for Windows browser, rushing out fixes for a trio of potentially dangerous security flaws.

The new Safari 3.0.1 Public Beta confirms and fixes a remote code execution hole found by Danish hacker Thor Larholm and two other undocumented denial-of-service/code execution bugs.

"By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs," Apple said in an advisory.

Larholm confirms the bug has been fixed but suggests there may still be some related problems:

Quotes and whitespace [are] now filtered on any requests to external URL protocol handler applications, but other characters are still being passed without filtering so I expect to find some variations pretty soon.

The browser refresh is available via the "Apple Software Update" application, which is installed with the most recent version of QuickTime or iTunes on Windows and should be treated as a high-priority update. Beta testers (Windows XP and Vista) can download Safari 3.0.1 here.

[ SEE: Safari on Windows could be big target for malware ]

Details on the two other bugs:

CVE-2007-3185 -- Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution because of an "out-of-bounds memory read issue."

CVE-2007-2391 -- Visiting a malicious website may allow cross-site scripting because of a "race condition" issue. This could also allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page if a user is lured to a malicious Web page.

Apple claims that none of the bugs affect Safari on the Mac OS X platform.