Safari 3.1.1 is Available

Apple releases Safari 3.1.1 to address stability, compatibility and security.

Safari 3.1.1 is available for Mac OS X Tiger, Leopard, and Windows XP/Vista.

About the security content of Safari 3.1.1

Safari 3.1.1

  • Safari
    CVE-ID: CVE-2007-2398
    Available for: Windows XP or Vista
    Impact: A maliciously crafted website may control the contents of the address bar

    Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.
  • Safari
    CVE-ID: CVE-2008-1024
    Available for: Windows XP or Vista
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.
  • WebKit
    CVE-ID: CVE-2008-1025
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
    Impact: Visiting a malicious website may result in cross-site scripting

    Description: An issue exists in WebKit’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.
  • WebKit
    CVE-ID: CVE-2008-1026
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
    Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues.
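
The CVE-2008-1026 entry says the fix performs additional validation of regular expressions with large, nested repetition counts. The following is an added example, not Apple's or WebKit's code, of one form such a pre-compile check can take: it estimates the worst-case expanded size of a pattern with saturating arithmetic and rejects patterns above a caller-chosen limit. The function names, `MAX_DEPTH`, the limit, and the simplified pattern syntax are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_DEPTH 64   /* assumed cap on group nesting for this example */

/* Saturating arithmetic: the size estimate itself must never wrap around. */
static uint64_t sat_add(uint64_t a, uint64_t b) { return (b > UINT64_MAX - a) ? UINT64_MAX : a + b; }
static uint64_t sat_mul(uint64_t a, uint64_t b) { return (a && b > UINT64_MAX / a) ? UINT64_MAX : a * b; }

/* Worst-case number of atoms after expanding every counted repetition
 * ({n}, {n,}, {n,m}). UINT64_MAX means overflow, bad nesting or too deep. */
uint64_t regex_expanded_size(const char *p) {
    uint64_t total[MAX_DEPTH] = {0};  /* committed size at each group depth */
    uint64_t last = 0;                /* item a following quantifier applies to */
    size_t depth = 0;
    for (; *p; p++) {
        if (*p == '{' && isdigit((unsigned char)p[1])) {
            char *end;
            uint64_t count = strtoull(p + 1, &end, 10);
            if (*end == ',' && end[1] == '}') { count = sat_add(count, 1); end++; }
            else if (*end == ',' && isdigit((unsigned char)end[1]))
                count = strtoull(end + 1, &end, 10);
            if (*end == '}') { last = sat_mul(last, count); p = end; continue; }
        }                             /* otherwise '{' is an ordinary literal */
        if (*p == ')') {              /* close group: it becomes the pending item */
            if (depth == 0) return UINT64_MAX;
            last = sat_add(total[depth--], last);
            continue;
        }
        if (*p == '*' || *p == '+' || *p == '?') continue;  /* no fixed expansion */
        total[depth] = sat_add(total[depth], last);         /* commit pending item */
        if (*p == '(') {
            if (++depth == MAX_DEPTH) return UINT64_MAX;
            total[depth] = last = 0;
            continue;
        }
        if (*p == '\\' && p[1]) p++;                        /* escaped character */
        else if (*p == '[')                                 /* class is one atom */
            while (p[1] && *++p != ']') if (*p == '\\' && p[1]) p++;
        last = 1;
    }
    return depth ? UINT64_MAX : sat_add(total[0], last);
}

/* Gate to call before handing a pattern to the regex compiler. */
int regex_repeat_ok(const char *pattern, uint64_t limit) {
    return regex_expanded_size(pattern) <= limit;
}
```

The estimate is deliberately conservative: alternation and group-modifier characters are counted as atoms, so it can only over-count, never under-count.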

Safari 3.1.1 can be obtained through the Safari Download Page or Apple Software Update.

QuickTime 7.4.5

Apple releases QuickTime 7.4.5 in conjunction with iTunes 7.4.2.

QuickTime 7.4.5

QuickTime 7.4.5 includes fixes that enhance reliability, improve compatibility with third-party applications, and address security issues. This release is recommended for all QuickTime 7 users.

For detailed information on the security content of this update, please visit this website: http://www.info.apple.com/kbnum/n61798.

QuickTime is available for Mac OS X Panther, Tiger, and Leopard as well as Windows XP and Vista.

http://www.apple.com/quicktime/download/

Apple Releases iTunes 7.6.2

Apple releases iTunes 7.6.2:

Rent and download your favorite movies with iTunes on your computer or directly to your living room on Apple TV. Enjoy rented movies in sizes up to 720p HD with surround sound on your Apple TV and sizes up to DVD-quality on your computer. Transfer your rented movies from iTunes to your iPod or iPhone and enjoy them on the go.

Also, purchase and download your favorite TV shows, music, and more directly on your Apple TV. Effortlessly transfer purchases made on Apple TV back to your computer with iTunes.

iTunes 7.6.2 provides bug fixes to improve stability and performance.

iTunes is available for Mac OS X and Windows XP/Vista.

http://www.apple.com/itunes/download/

WebKit Achieves 100/100 on Acid3 Test with Flying Colors

The people who develop Opera and WebKit are racing to pass the Acid3 test. Both camps have scored 100/100 on the Acid3 test. According to both the Opera and WebKit camps, even though they scored 100/100, there is still some bug fixing to do.

The WebKit folks announce that WebKit achieves Acid3 100/100 in a public build today.

With r31342 WebKit has become the first publicly available rendering engine to achieve 100/100 on Acid3.

Meanwhile, the Opera folks were the first to claim a perfect score on the Acid3 test using their internal build.

I downloaded WebKit build r31344 and ran the Acid3 test on it. The video can be found here (QuickTime Movie 744KB).

WebKit Acid3 Test 100/100

WebKit is available for Mac OS X and Windows.

WebKit Aims to Pass Acid3 Test

A flurry of “nightly builds” of WebKit was released today, and it appears that the WebKit team is aiming for a perfect score on the Acid3 test. I downloaded at least five different WebKit builds today, and the latest one (build 31334) scores 99/100 on the Acid3 test (QuickTime Movie 376KB). Can they make the perfect grade? I’m sure they will soon. Apparently an internal build of Opera has passed the Acid3 test.

WebKit Acid3 test

WebKit is available for Mac OS X and Windows.

http://webkit.org/