Apple Safari 4.0.3 Update - Apple updates its browser
Apple has released Safari 4.0.3, a new update for its Safari browser. The update includes improvements to stability, compatibility and security, including:
- Stability improvements for websites that contain the HTML 5 video tag.
- Fix for an issue that prevented some users from logging in to iWork.com.
- Fix for an issue that caused web content to be displayed in black and white instead of in color.
The Apple Safari 4.0.3 update for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, as well as Windows XP and Windows Vista, is now available as a free download from the Apple website.
Apple Safari 4.0.3 - Improvements
CoreGraphics - CVE-ID: CVE-2009-2468
- Available for: Windows XP and Vista
- Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Description: A heap buffer overflow exists in the drawing of long text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry of Google Inc for reporting this issue.
ImageIO - CVE-ID: CVE-2009-2188
- Available for: Windows XP and Vista
- Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in the handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
Safari - CVE-ID: CVE-2009-2196
- Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
- Impact: A maliciously crafted website may be promoted into Safari's Top Sites view
- Description: Safari 4 introduced the Top Sites feature to provide an at-a-glance view of a user's favorite websites. It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions. This could be used to facilitate a phishing attack. This issue is addressed by preventing automated website visits from affecting the Top Sites list.
WebKit - CVE-ID: CVE-2009-2195
- Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
- Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in WebKit's parsing of floating point numbers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
WebKit - CVE-ID: CVE-2009-2200
- Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
- Impact: Visiting a maliciously crafted website and clicking "Go" when viewing a malicious plug-in dialog may lead to the disclosure of sensitive information
- Description: WebKit allows the pluginspage attribute of the 'embed' element to reference file URLs. Clicking "Go" in the dialog that appears when an unknown plug-in type is referenced will redirect to the URL listed in the pluginspage attribute. This may allow a remote attacker to launch file URLs in Safari, and lead to the disclosure of sensitive information. This update addresses the issue by restricting the pluginspage URL scheme to http or https.
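The scheme restriction described for CVE-2009-2200 can be illustrated with a small allowlist check. This is an added example, not WebKit's code: the function names, the sample page URL and the sample markup are assumptions made for illustration, and the check resolves each pluginspage value against the containing document before comparing its scheme to http and https.

```javascript
// Added example, not WebKit source. Names below are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the resolved URL string if the pluginspage value may be followed,
// or null if it must be refused.
function resolvePluginsPage(rawValue, documentUrl) {
  if (typeof rawValue !== "string" || rawValue.trim() === "") return null;
  let target;
  try {
    // Resolve the way a navigation would. The URL parser drops leading
    // whitespace and embedded tabs/newlines and lowercases the scheme, so
    // "FILE:" or "\tfile:" cannot slip past a naive prefix comparison.
    target = new URL(rawValue, documentUrl);
  } catch (err) {
    return null; // unparseable value: refuse rather than guess
  }
  return ALLOWED_SCHEMES.has(target.protocol) ? target.href : null;
}

// Scans markup for <embed pluginspage=...> and reports the decision for each.
// A regex is a simplification for this sample; a real scanner would use an
// HTML parser.
function auditEmbeds(html, documentUrl) {
  const attr = /\bpluginspage\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const results = [];
  for (const [tag] of html.matchAll(/<embed\b[^>]*>/gi)) {
    const m = attr.exec(tag);
    if (!m) continue;
    const raw = [m[1], m[2], m[3]].find((v) => v !== undefined);
    const resolved = resolvePluginsPage(raw, documentUrl);
    results.push({ raw, allowed: resolved !== null, resolved });
  }
  return results;
}

// Constructed sample page and markup (not taken from the advisory).
const SAMPLE_PAGE = "http://site.example/page.html";
const SAMPLE_HTML = `
<embed type="application/x-unknown" pluginspage="https://plugins.example/get">
<embed type="application/x-unknown" pluginspage="FILE:///Users/example/notes.txt">
<embed type="application/x-unknown" pluginspage='/plugins/install.html'>
<embed type="application/x-unknown" pluginspage=" \tfile:///Users/example/notes.txt">
<embed type="application/x-unknown" pluginspage="javascript:void(0)">
`;

for (const r of auditEmbeds(SAMPLE_HTML, SAMPLE_PAGE)) {
  console.log(r.allowed ? "allow" : "block", JSON.stringify(r.raw), "->", r.resolved);
}
```

A relative pluginspage value inherits the scheme of the containing document, so the same check also refuses it when the page itself was loaded from a file URL.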
WebKit - CVE-ID: CVE-2009-2199
- Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
- Impact: Look-alike characters in a URL could be used to masquerade a website
- Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by supplementing WebKit's list of known look-alike characters.