Apple releases Safari 3.1.1 for Mac and Windows

Apple today released Safari 3.1.1 which is the fastest and easiest-to-use web browser for Macs and Windows PCs. Safari 3 introduces new features to help you find your way and enjoy your time on the web.

Arrange your tabbed windows with just a drag and drop. Instantly and graphically locate any text on the current web page with the new find command. Easily find webpages you have visited with full history search that remembers the text content of sites.

About the security content of Safari 3.1.1:

• Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of the address bar
Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.

• Safari
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.

• WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site scripting
Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.

• WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues. MacDailyNews Note: Please see related article: Mac hacked in security contest via undisclosed Safari vulnerability – March 28, 2008

System Requirements:
• Mac OS X 10.4.11
• Mac OS X 10.5.2
• Windows XP
• WIndows Vista

Safari 3.1.1 is available via Software Update and also as a standalone installer

More info and download link here.

MacDailyNews Note: 17,000!

41 Comments

  1. me confused . . . 17,000!

    17,000 chairs flying in Redmond??

    17,000 photocopiers up and running??

    17,000 # of shares i wish i had of AAPL

    17,000 # of petition signers to keep XP

    17,000 Zunes sold (nah, too high)

  2. I’m glad this came out, the internet is finally running normal again on flash sites again. I was cursing Leopard because the only machine that ran the internet slow was the Leopard machine. Everything is snappy again

  3. well, it would be good if it worked and didn’t crash when going to a webpage. I installed the first beta that came out for Safari for Windows. Worked just fine. I saw that Apple suggested to update Flash and Java (it was on the homepage when I first loaded the first beta). So I updated both, and ever since, Safari crashes on startup or crashes when trying to go to any webpage but google (which I made my homepage). Crashes when coming to macdailynews before the top banner even shows completely. I have not found a way to fix this. I have used Macs for about 15 years, but if this is what other people are experiencing as I am with Safari for Windows, and Apple support not having any way to deal with it, or no one to support or fix these problems because it’s a Windows machine, then I can see why some people would not buy Apple (and I own AAPL stock, so this definitely is not good when I can’t even run Safari for Windows while I hear nothing from Apple about how it’s the best. Well, not in my experience it’s not. It won’t even run).

  4. Pith helmet is still working on my iMacG4 800 has been since 3.0 came out. no new updates have been done on pith-helmet since the update for 3.0 release. I have not updated the intel mac mini yet.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.