Under cover of darkness, Apple released Safari 3.1.1 via Software Update tonight. In typical Apple form the description is purposefully vague, recommending the update "for all Safari users" and telling us that it "includes improvements to stability, compatibility and security." A-ha.
WebKit CVE-ID: CVE-2008-1025
Impact: Visiting a malicious website may result in cross-site scripting
WebKitCVE-ID: CVE-2008-1026
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
I bet that this Safari update fixes the exploit that was discovered at the CanSecWest hacking contest on 31 March by Charlie Miller who won a MacBook Air (and $10,000 cash) after breaking into the machine via one of the its built-in apps (presumably Safari).
Last
year,
we
were
surprised
with
trackpad
support
in
a
routine
iPadOS
update.
I
have
high
hopes
for
what
Apple
can
surprise
iPad
users
with
this
year.
...
Join Discussion