Apple today released Safari 3.1.1 which is the fastest and easiest-to-use web browser for Macs and Windows PCs. Safari 3 introduces new features to help you find your way and enjoy your time on the web.
Arrange your tabbed windows with just a drag and drop. Instantly and graphically locate any text on the current web page with the new find command. Easily find webpages you have visited with full history search that remembers the text content of sites.
About the security content of Safari 3.1.1:
• Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of the address bar
Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.
• Safari
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.
• WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site scripting
Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.
• WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues. MacDailyNews Note: Please see related article: Mac hacked in security contest via undisclosed Safari vulnerability – March 28, 2008
System Requirements:
• Mac OS X 10.4.11
• Mac OS X 10.5.2
• Windows XP
• WIndows Vista
Safari 3.1.1 is available via Software Update and also as a standalone installer
More info and download link here.
MacDailyNews Note: 17,000!
3.1.1 is far snappier than 3.1
me confused . . . 17,000!
17,000 chairs flying in Redmond??
17,000 photocopiers up and running??
17,000 # of shares i wish i had of AAPL
17,000 # of petition signers to keep XP
17,000 Zunes sold (nah, too high)
Has anyone tried the Acid tests with the new version yet?
Does anyone know if this breaks PithHelmet again, after the work around was applied last time?
Does it have the new webkit build that scored 100 on the Acid3 test?
still does not play well with my work proxy. Can’t access gmail or .mac for some reason.
Does not load all images in a page either…
Yessss, It’s snappy.
I like snappy.
@ Kevin: Look at the URL of this page – I think it means 17,000 MDN articles posted.
I’m glad this came out, the internet is finally running normal again on flash sites again. I was cursing Leopard because the only machine that ran the internet slow was the Leopard machine. Everything is snappy again
Thanks Gabriel . . .
I looked everywhere but the address bar . . .
though i still wish i had 17,000 shares of AAPL
well, it would be good if it worked and didn’t crash when going to a webpage. I installed the first beta that came out for Safari for Windows. Worked just fine. I saw that Apple suggested to update Flash and Java (it was on the homepage when I first loaded the first beta). So I updated both, and ever since, Safari crashes on startup or crashes when trying to go to any webpage but google (which I made my homepage). Crashes when coming to macdailynews before the top banner even shows completely. I have not found a way to fix this. I have used Macs for about 15 years, but if this is what other people are experiencing as I am with Safari for Windows, and Apple support not having any way to deal with it, or no one to support or fix these problems because it’s a Windows machine, then I can see why some people would not buy Apple (and I own AAPL stock, so this definitely is not good when I can’t even run Safari for Windows while I hear nothing from Apple about how it’s the best. Well, not in my experience it’s not. It won’t even run).
So when can we have ftp upload capabilities through the browser like Explorer offers without having to purchase ftp client software?
My bookmarks are now syncing correctly between my iMac and MacBook over .Mac. Thanks Apple!
@Kit-n
Don’t you already have this in the Finder?
Pith helmet is still working on my iMacG4 800 has been since 3.0 came out. no new updates have been done on pith-helmet since the update for 3.0 release. I have not updated the intel mac mini yet.
Much faster on my G4
THIS IS GOOD…but Firefox 3.0 beta 5 with both the Yummy GrApple theme (https://addons.mozilla.org/en-US/firefox/search?q=yummy&cat=all) and fission which gives Firefox a Safari progess bar is BETTER! (https://addons.mozilla.org/en-US/firefox/addon/1951)
Before you say otherwise and insert foot in mouth, at least take a look at these two extensions above and try them out in Firefox 3 beta 5. Trust me these little touches make a big difference.
The update logo bounded with this update, but I haven’t downloaded it yet.
@MadMac
Err I do this on the finder also. Why should it be done on a browser? Thats just plain silly or better yet the MS way of doing things.
Cool, AppleMacMan. I can get Firefox 3.0 Beta 5, add two hacks, and then it’s better than Safari. I’d say it’s crack-a-lackin!
Congrats MDN…..17,000!
Safari 3.1.1 only scores 75% on the acid3 test.
Kit-N, have you tried the free CyberDuck?
Or if you aren’t too strapped for cash, you could purchase a copy of the excellent Transmit for $29.95.
Is it as insecure as the Mac version?
Did they fix cookie handling so it’s not all or nothing?
Did they add real ad blocking?
No?
Then who the hell cares.