Focus on Apple
Apple releases Safari 3.2.1 for Windows
Jun 19 2008 10:49PM
Todd Woodward (todd_woodward symantec com)
Apple today released "APPLE-SA-2008-06-19 Safari v3.1.2 for Windows".
It addresses the following issues:
Safari
Type: Inadvertent information disclosure; maliciously crafted BMP or GIF
images
Resolution: Additional BMP and GIF image validations
Credit: Gynvael Coldwind of Hispasec
Type: Arbitrary code execution; Untrusted downloaded code execution
Resolution: Change default download location and user prompts
Credit: Aviv Raff
Type: Execution of arbitrary code; Malicious website
Resolution: Prevent the automatic execution of downloaded files
Credit: Will Dormann of CERT/CC
WebKit
Type: Unexpected application termination; Arbitrary code execution;
Malicious website; Memory corruption
Resolution: Improved bounds checking
Credit: James Urquhart
No Knowledge Base article has been published yet, but when published, it
should be linked from the following Knowledge Base article:
http://support.apple.com/kb/HT1222
###
Todd D. Woodward
Technical Support Engineer
NetBackup Data Protection Group
Symantec Corporation
www.symantec.com
Springfield, Oregon
Office: 541-335-7441
Copyright 2008, SecurityFocus