HomeSoftwareApple posts Safari 3.1.1 to fix Security Issues, including $10000 Prize-winning Bug

Apple posts Safari 3.1.1 to fix Security Issues, including $10000 Prize-winning Bug

Apple logo On Wednesday, Apple released version 3.1.1 of its Safari web browser to fix a couple of security problems, which includes the much spoken about vulnerability that allowed a MacBook Air to be compromised at last month’s CanSecWest “PWN to OWN” security contest.

Apple emphasized that the update patches four security problems, including a heap buffer overflow that was present within the browser’s WebKit framework for managing JavaScript regular expressions.

Charles Miller discovered and exploited the flaw on a MacBook Air, to walk home with a whopping $10,000 prize.

- Advertisements -

In addition, the Safari 3.1.1 update also fixed another issue within WebKit’s handling of URLs comprising of a colon character in the host name. Apple noted that by exploiting this flaw, a hacker could use a maliciously crafted URL to lead a cross-site scripting attack.

The other two issues dealt with the Safari application itself, and concerned only the PC version of the browser. While one of the issues allowed a maliciously crafted website to control the contents of a user’s address bar, the other made enabled a maliciously crafted website to cause arbitrary code execution or the Safari application to unexpectedly quit.

The latest 36MB update is available for both Macs as well as Windows PCs, and all Safari users have been recommended to install it as it includes enhancements to stability, compatibility and security. The Apple Safari 3.1.1 can be downloaded from the Apple site http://www.apple.com/safari/download/.

- Advertisements -

LATEST