Business
Apple releases Safari 3.1.1 security update
Under cover of darkness, Apple released Safari 3.1.
Under cover of darkness, Apple released Safari 3.1.1 via Software Update tonight. In typical Apple form the description is purposefully vague, recommending the update "for all Safari users" and telling us that it "includes improvements to stability, compatibility and security." A-ha.
Apple's About the security content of Safari 3.1.1 page tells a little more, stating that the update fixes two nasty Webkit bugs (in the Mac OS version):
- WebKit CVE-ID: CVE-2008-1025 Impact: Visiting a malicious website may result in cross-site scripting
- WebKitCVE-ID: CVE-2008-1026 Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution