Apple has
issued a second security update for the Windows Safari browser less than
two weeks after its
launch.
The four security fixes are part of a larger
Safari
3.0.2 beta release for Mac OS X and Windows. Both packs contain stability
fixes in addition to the security update.
Only one of the four vulnerabilities for the Windows version could allow for
remote code execution. The flaw lies in the WebKit component used by Safari.
This could be exploited by an attacker to launch an exploit by directing the
user to a specially crafted webpage. This page could cause an application crash
and give the attacker the ability to install malware on the victim's computer.
Two of the vulnerabilities could leave users open to cross-site scripting
attacks, while the remaining flaw gave attackers the ability to spoof legitimate
websites.
One vulnerability allows attackers to conduct cross-site scripting attacks by
using specially-crafted JavaScript code to redirect the user, while another
allows cross-site scripting via a malformed HTTP request coded into a web page.
The fourth vulnerability allows an attacker arbitrarily to edit the
information that appears in the URL bar. An attacker could exploit the
vulnerability to make a malicious site appear with the URL of a trusted one.
Mac users will see two security fixes in the Safari update. Both the WebKit
and HTTP-injection vulnerabilities affect OS X as well as Windows.
The updates also contain stability fixes for 16 performance and stability
bugs in Windows and nine in OS X.
Do you agree?
Have your say on this article