Apple Security Update Patches Safari 3 Beta - InformationWeek


The download fixes remote code execution bugs and other flaws in both Apple's Safari Web browser beta and Mac OS X.

Apple on Monday released security updates for vulnerabilities in Mac OS X, as well as in its Safari for Windows beta, which has had early trouble with multiple bugs.

The update marks the second time in just more than a week that Apple has had to update its Safari 3 beta, which is designed for both the Mac and the Windows operating systems. Both patches in Security Update 2007-006 affect Safari. One patch fixes a remote code execution bug in WebKit, which is an open source Web browser engine. The second patch fixes a flaw that causes cross-site requests in WebCore, which is a framework for Mac OS X.

Apple noted in an online advisory that the WebKit bug is caused by an invalid type conversion when rendering frame sets. Apple reported that it could lead to memory corruption. "Visiting a maliciously crafted Web page may lead to an unexpected application termination or arbitrary code execution," according to the advisory.

Apple credits Rhys Kidd of Westnet for reporting the issue.

The WebCore flaw is an HTTP injection issue that exists in XMLHttpRequest when serializing headers into an HTTP request, according to Apple. By luring a user to visit a malicious Web page, an attacker could remotely execute cross-site scripting attacks. This patch is designed to fix the flaw by performing additional validation of header parameters.

Apple credits Richard Moore of Westpoint for reporting the bug.

This is the second security update Apple has issued to fix problems in its Safari beta. The first update patched three of the multiple vulnerabilities that researchers found in the beta immediately upon its release. Safari 3.0.1 Public Beta for Windows fixes two flaws that only affect the Windows version of Apple's browser, along with one vulnerability that affects Windows and also could crash the browser running on the Mac OS X operating system.

"I think it was obvious they had to do this to save the day since there were so many problems with the release," said Johannes Ullrich, chief research officer of the SANS Institute and chief technology officer for the Internet Storm Center, in a previous interview. "For a beta product like this, it's really in development, so it's for people to play with and test. And they really have."
