Now pointlessly enhanced with AI
Apple releases updates to Safari 3 Beta.
Safari 3.0.3 Beta can be obtained through Apple Software Update (if Safari 3 Beta is installed) or through Apple’s Safari page http://www.apple.com/safari/download/
Safari 3 Beta is available for Mac OS X and Windows XP/Vista
Apple has released iPhone Software Version 1.0.1 that includes some bug fixes.
http://docs.info.apple.com/article.html?artnum=306173
- Safari
CVE-ID: CVE-2007-2400
Available for: iPhone v1.0
Impact: Visiting a malicious website may allow cross-site scripting
Description: Safari’s security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.
- Safari
CVE-ID: CVE-2007-3944
Available for: iPhone v1.0
Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution
Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues
- WebCore
CVE-ID: CVE-2007-2401
Available for: iPhone v1.0
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
- WebKit
CVE-ID: CVE-2007-3742
Available for: iPhone v1.0
Impact: Look-alike characters in a URL could be used to masquerade a website
Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.
- WebKit
CVE-ID: CVE-2007-2399
Available for: iPhone v1.0
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
Other Bug Fixes found:
The update can be obtained through iTunes (7.3.x or higher required)
http://docs.info.apple.com/article.html?artnum=305744
http://www.apple.com/support/iphone/
Apple has been busy releasing updates to its softwares.
07.31.2007
Security Update 2007-007 is recommended for all users.
Security Update 2007-007 (10.3.9) – 48.7MB
Security Update 2007-007 (10.3.9 Server) – 63.3MB
Security Update 2007-007 (10.4.10 PPC) – 14.2MB
Security Update 2007-007 (10.4.10 Server PPC) – 23.8MB
Security Update 2007-007 (10.4.10 Universal) – 25.7MB
Security Update 2007-007 (10.4.10 Server Universal) – 35.3MB
AirPort Extreme Update 2007-004 – 745KB
This update is recommended for all Intel-based MacBook, MacBook Pro, and Mac mini computers and improves the reliability of AirPort connections.
07.30.2007
Pro Application Support 4.0.1 – 7.6MB
This update improves general user interface reliability for Apple’s professional applications.
07.26.2007
Bonjour for Windows 1.0.4 – 2.1MB
This update is recommended for all Bonjour users to improve usability and compatibility.
John C. Dvorak, in his latest PC Magazine column reveals that he is using a Mac and liking it. This somehow reminds me of the current Trojan Condoms ad, a pig got wings.
Dvorak is perceived as an Apple and Mac basher for a long time. As a regular on Leo Laporte’s “This Week in Tech” Podcast, Dvorak often made crazy comments on both Apple and Macs. For example, Dvorak said in one column that Apple was planning to abandon Mac OS X in favor of Microsoft Windows. (link will be added later)
I found the article from Mac SuperFan Site MacDailyNews to be amusing.
Anyway, to quote Bender The Great:
“OH YOUR GOD!”
p.s. Can’t wait for new Futurama episodes/movies.
Released on July 18th, 2007.
Skype 2.6 for Mac
Now with SMS and ten-way conference calling
Version: 2.6.0.151 for Mac. July 18, 2007
Skype_2.6.0.151.dmg (Size: 30 MB)
Carlos Alazraqui, the man behind the mustache – Reno 911! Deputy Sheriff James Oswaldo Garcia, will spending some quality time with comedy fans for the coming week.
Carlos will be performing at The Groundlings in Melrose Avenue – Hollywood on July 18th, 2007 08:00pm show (tomorrow – relative to this post).
Carlos will be celebrating his birthday on July 20th at The Comix in New York City (08:00pm and 10:30pm show). He will also be performing on July 21st (08:00pm and 10:30pm show).
To complete the July dates, Carlos will be performing at The Hollywood Improv on July 24th (08:00pm show).
I’ll post some videos from Carlos really soon, hopefully before the Comix NYC dates.
I’ll update this post by tomorrow night.
It’s July 17th, 2007 at 04:44M Pacific Time, and Apple Store is closed for Product Updates.
I was still wide awake, and saw this on the Apple Online Store. Not sure what is going on. Maybe it’s the long awaited iPhone nano for CDMA system. Wait, it might be the iPhone extreme™!
Who knows, it could be the new iMac.
