
Safari Beta Vulnerabilities for Windows

The Safari v3.0 Public Beta web browser for Windows was released on 06/11/07. Within the first 24 hours, multiple exploits were released. On Thursday, June 14th, Apple released Safari v3.0.1 Public Beta for Windows to address three of the high-risk vulnerabilities. One of the more serious is a command injection vulnerability, which may lead to arbitrary code execution when a user visits a malicious website. Another is an out-of-bounds memory read issue, which could lead to unexpected termination of the application or arbitrary code execution when a user visits a malicious website. The third high-risk vulnerability is a race condition that may allow cross-site scripting when a user visits a malicious website.

Please be aware of the risks associated with installing any software that is still in Beta form.  Beta software is not recommended for use on production computers.

References:

Apple Product Security

http://lists.apple.com/archives/Security-announce/2007/Jun/msg00000.html

Posted by Kitch Spicer on June 18, 2007, in Handlers Log.