July 8th, 2009

Apple plugs dangerous Safari security holes

Posted by Ryan Naraine @ 6:05 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Hackers, Open source, Patch Watch, Pen testing, Phishing, Responsible disclosure, Spam and Phishing, Vulnerability research, Windows Vista

Tags: Apple Safari, XSS, Apple Inc., Safari 4.0.2, Security, Ryan Naraine

Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks.

The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X.

Here are the raw details:

  • CVE-2009-1724: An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
  • CVE-2009-1725: A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.

Safari 4.0.2 is available via the Apple Software Update application or Apple’s Safari download site.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


Most recent of 27 Talkback(s):

Actually, most Mac users I know... aren't the type that rest on OS X's vaunted invulnerability. Now, as for me, I would love to have a Mac right now. Not because it is any safer than Windows, I would just like to examin...

Posted by: goff256 Posted on: 07/15/09