Apple releases Safari Beta Update 3.0.3

Apple today released Safari Beta 3.0.3 which is recommended for all users and improves its security and stability.

Safari 3 Beta Update 3.0.3 security content:

Safari

CVE-ID: CVE-2007-3743

Available for: Windows XP or Vista

Impact: Adding bookmarks may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow vulnerability exists in Safari’s bookmark handling. By enticing a user to add a bookmark with an overlong title, an attacker may trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing proper bounds checking. This issue does not affect Mac OS X systems.

WebKit

CVE-ID: CVE-2007-2408

Available for: Mac OS X v10.4.9 or later, Windows XP or Vista

Impact: Visiting a malicious website may allow Java applets to load and run even when Java is disabled

Description: Safari provides an “Enable Java” preference, which when unchecked should prevent the loading of Java applets. By default, Java applets are allowed to be loaded. Navigating to a maliciously crafted web page may allow a Java applet to be loaded without checking the preference. This update addresses the issue through a stricter check of the “Enable Java” preference. Credit to Scott Wilde for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: Mac OS X v10.4.9 or later, Windows XP or Vista

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.
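As an added illustration (not Apple's code and not part of the advisory), the sketch below shows one common form of domain name validity check: a label that mixes scripts is displayed in its ASCII (Punycode) form instead of as look-alike Unicode. The function names, the script heuristic based on Unicode character names, and the sample hostnames are assumptions made for this example.

```python
import unicodedata

# Digits and the hyphen are script-neutral and are ignored when classifying a label.
NEUTRAL = set("0123456789-")


def label_scripts(label):
    """Return the set of scripts used by the characters of one DNS label.

    Heuristic for this example: the script is taken from the first word of
    the Unicode character name, e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
    """
    scripts = set()
    for ch in label:
        if ch in NEUTRAL:
            continue
        name = unicodedata.name(ch, "")
        scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def display_form(hostname):
    """Return the form of the hostname that is safe to show to the user.

    Single-script labels are shown as typed. A label mixing two or more
    scripts is shown in its ASCII "xn--" form so it cannot pass for a
    familiar name.
    """
    shown = []
    for label in hostname.lower().split("."):
        if len(label_scripts(label)) > 1:
            shown.append(label.encode("idna").decode("ascii"))
        else:
            shown.append(label)
    return ".".join(shown)


# Constructed sample hostnames: plain Latin, Latin with one Cyrillic letter,
# and a label written entirely in Cyrillic.
SAMPLES = [
    "example.com",
    "ex\u0430mple.com",
    "\u043f\u0440\u0438\u043c\u0435\u0440.example",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), "->", ascii(display_form(host)))
```

A label written entirely in one non-Latin script passes this check unchanged, so a mixed-script test is usually combined with further policy such as a list of scripts the user is expected to read.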

WebKit

CVE-ID: CVE-2007-3944

Available for: Mac OS X v10.4.9 or later, Windows XP or Vista

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

Safari Beta Update 3.0.3 is available via Software Update.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

27 Comments

  1. Safari beta has been pretty good, not sure why but lately it has been acting a bit wonky, w/ the update it seems much better/snappier. Not sure if the 2.0 versions had it.. but there are some nice right click features with the tab bar like “New Tab” “Reload All Tabs” “Add Bookmarks For These (x#of) Tabs”, etc.

  2. I’ve been using Safari 3.02 beta for a few weeks now and LOVE IT! The options to save a bookmark for multiple tabs and the option to reopen all windows/tabs from the previous session are great additions. So far, it’s been pretty stable. My only recurring problem is sometimes having problems typing an address into the URL line. It will occasionally be very slow and hesitate several seconds for each character typed. No problems entering in the Google bar or using bookmarks though when the URL problem occurs.

  3. Been running the beta on an intel iMac since the day it was released. Love it. No real issues encountered, and I like the “you have text on this page that is not saved” deal, usually related to leaving comments or editing stuff with google. great feature.

    the updated “find” in the pages is by far the best feature, I’d risk the beta just for that. they give you an uninstaller to revert with the main installer, so take the plunge.

  4. Safari Beta hustles for me on my 800MHz G4 iMac.

    What I’m still ticked off about is that Apple hasn’t updated the graphics to match the Windows version.

    … and don’t tell me they will update in Leopard. If 3rd party developers can change the graphics of Safari, then so can Apple.

  5. My one and only issue with Safari 3 is that it modifies Webkit in such a way that websites I made in Freeway don’t properly display slave images anymore: not in Safari, not in Shiira. My other machine still runs Safari 2 and there everything is just fine.

  6. @nekogami13

    Oh, very funny – not … did you manage to think that up all by yourself, how is the life of an eleven year old these days?
    As a long time Safari user and soon to be updated to the 3.0.3. beta – For me Safari 3 is excellent. You can keep your IE, Firefox and others as they are IMHO not up to it, and they all sit on my dock updated, but rarely used.
