Apple has released a security update to the Safari 4 Public Beta which can be downloaded and installed via Software Update.
----- libxml
CVE-ID: CVE-2008-3529
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3.
Safari
CVE-ID: CVE-2009-0162
Available for: Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution
Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. These issues are addressed in Safari 3.2.3. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.
WebKit
CVE-ID: CVE-2009-0945
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue. -----
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
![Apple to Launch M4 Macs Next Week [Gurman]](/images/news/95276/95276/95276-160.jpg "Apple to Launch M4 Macs Next Week [Gurman]")
![Apple Seeds watchOS 11.1 RC1 to Developers [Download]](/images/news/95273/95273/95273-160.jpg "Apple Seeds watchOS 11.1 RC1 to Developers [Download]")
![New iPad mini 7 Review Roundup [Video]](/images/news/95269/95269/95269-160.jpg "New iPad mini 7 Review Roundup [Video]")
![Qualcomm Says 'Snapdragon 8 Elite' Has 'World's Fastest' Mobile SoC [Video]](/images/news/95266/95266/95266-160.jpg "Qualcomm Says 'Snapdragon 8 Elite' Has 'World's Fastest' Mobile SoC [Video]")
![New Black Titanium Apple Watch Ultra 2 On Sale for $64.11 Off [Deal]](/images/news/95239/95239/95239-160.jpg "New Black Titanium Apple Watch Ultra 2 On Sale for $64.11 Off [Deal]")
![Samsung 49-inch Odyssey G93SC OLED Curved Monitor On Sale for 41% Off [Deal]](/images/news/95198/95198/95198-160.jpg "Samsung 49-inch Odyssey G93SC OLED Curved Monitor On Sale for 41% Off [Deal]")
![Huge Sale on Apple Pencil [Deal]](/images/news/95173/95173/95173-160.jpg "Huge Sale on Apple Pencil [Deal]")
![New Beats Pill Speaker On Sale for 35% Off [Lowest Price Ever]](/images/news/95179/95179/95179-160.jpg "New Beats Pill Speaker On Sale for 35% Off [Lowest Price Ever]")
![Last Chance for Prime Big Deal Days 2024: Don't Miss These Final Offers! [List]](/images/news/95164/95164/95164-160.jpg "Last Chance for Prime Big Deal Days 2024: Don't Miss These Final Offers! [List]")
