The vulnerabilities range from cross-site scripting to remote code execution.
For Windows XP and Vista users, the update addresses four flaws. Two of the vulnerabilities, a memory overflow error in the browser itself and a buffer overflow in the JavaScript component, could be exploited by an attacker to remotely install and execute malware on a target system.
Another flaw in the browser could allow for a URL to be displayed without the page itself being loaded. Apple warned that this could be exploited by an attacker to spoof legitimate sites by displaying normal URLs with forged web pages.
The fourth vulnerability is a flaw in the browser's WebKit component. An attacker could use a malformed URL to exploit the vulnerability and perform a cross-site scripting attack.
Mac users will receive updates for just two of the four flaws. Apple patched the JavaScript remote code execution flaw as well as the cross-site scripting vulnerability in the OS X version of the Safari patch.
Users can download the Safari update through Apple's Software Update application or from the company's Safari download site.
Apple patches critical Safari holes
By
Shaun Nichols
on Apr 18, 2008 7:07AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Ingram Micro Ushers in the Age of Ultra
Kaseya Dattocon APAC 2024 is Back
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Sponsored Whitepapers
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
.png&w=100&c=1&s=0)
