December 4, 2022
Safari 4 Public Beta Security Update

Safari 4 Public Beta Security Update

Posted May 12, 2009 at 10:37pm by iClarified · 5312 views
Apple has released a security update to the Safari 4 Public Beta which can be downloaded and installed via Software Update.

-----
libxml

CVE-ID: CVE-2008-3529

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3.


Safari

CVE-ID: CVE-2009-0162

Available for: Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution

Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. These issues are addressed in Safari 3.2.3. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.


WebKit

CVE-ID: CVE-2009-0945

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.
-----


Safari 4 Public Beta Security Update
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments
You must login or register to add a comment...
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
How to Create a Bootable macOS Ventura USB Installer [Video]
How to Fix 'No Matching Host Key Type Found' on Mac
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS