Apple has refreshed its new Safari for Windows browser to patch a pair of vulnerabilities that could cause spoofing and HTTP redirection attacks.
[NOTE: Click image at left for instructions on configuring Safari to run securely ]
Both vulnerabilities affect Windows XP and Windows Vista users while one patch is available for Safari on the Mac OS X.
Details on the latest patches:
CVE-2007-2398 -- In Safari Beta 3.0.1 for Windows, a timing issue allows a Web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered.
[ Securing Safari: How to run Apple’s browser securely ]
CVE-2007-2400 --Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This issue affects Mac OS X users.
Apple also released a patch for WebCore to correct an An HTTP injection issue in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks, Apple said. This affects Mac OS X, Windows XP and Windows Vista.
A fourth vulnerablity, in WebKit, corrects a potential code execution issue affecting Mac OS X, Windows XP and Windows Vista users. This could be exploiting by luring users to a maliciously crafted Web site.
Join Discussion