Apple updates Safari for Windows to address flaws

By Justin Mann on June 14, 2007, 12:34 PM
No less than two days after Apple release Safari for Windows, many independent security researchers had discovered numerous flaws in the browser, which ranged from denial of service to potential compromise. Apple is moving fast to compensate for these flaws, with the release of a beta version that fixes several problems.

The 3.0.1 update for Safari on Windows will fix three different issues:

The updated version patches CVE-2007-3186, a command-injection vulnerability that may lead to arbitrary code execution; CVE-2007-3185, an out-of-bounds memory read issue that may lead to an unexpected application termination or arbitrary code execution; and CVE-2007-2391, a race condition that may allow cross-site scripting.
At first, it was speculated that perhaps the flaws could also be exploited under OS X. According to them, however, it affects only Safari running on Windows. You can of course now download the update if you so wish. To compete with Firefox and IE in the Windows realm, they'll definitely need to maintain this type of vigilance. So far, most have been unimpressed by Apple's move.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.