APPLE-SA-2009-02-12 Safari 3.2.2 for Windows

• Subject: APPLE-SA-2009-02-12 Safari 3.2.2 for Windows
• From: Apple Product Security <email@hidden>
• Date: Thu, 12 Feb 2009 13:27:08 -0800
• Delivered-to: email@hidden
• Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2009-02-12 Safari 3.2.2 for Windows

Safari 3.2.2 for Windows is now available and addresses the
following:

Safari
CVE-ID:  CVE-2009-0137
Available for:  Windows XP or Vista
Impact:  Accessing a maliciously crafted feed: URL may lead to
arbitrary code execution
Description:  Multiple input validation issues exist in Safari's
handling of feed: URLs. The issues allow execution of arbitrary
JavaScript in the local security zone. This update addresses the
issues through improved handling of embedded JavaScript within feed:
URLs. These issues do not affect Mac OS X systems that have applied
Security Update 2009-001. Credit to Clint Ruoho of Laconic Security,
Billy Rios of Microsoft, and Brian Mastenbrook for reporting these
issues.

Safari 3.2.2 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: b378edc94eb7379056c7969ac918882dc703b53c

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 25efd930a24603f8850d374ff7bf9b76b9a79bce

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJJlHuQAAoJEHkodeiKZIkBj2oH/j4iLLVtyYZeazZ6xSNQ+U73
rmwxFQSdQ2ckHou/UId49xC7UPZ3px3+YLG2h9gYMB1WW2ADbi0uoI/EUN63tY3C
r8s76/QS7dryeETKn7AsTCgKtunqpRS7lVQRs1FtfYPPwU6kghKKrFFzNxb/BIMl
kKJck69z0/4EOtGRv7kzYPMciUgdPDF0/m7wNOTWvwUTMu0UqrtE5YgR8XbF8LRZ
UTsBTGf1B1I51TT76xyczkXyJ/4HRXa9E7mnwwcZWBtBXXLeYl+WoA5uHCUHM/Hi
XuIedDIDvs9G0RvcqB4ueU2hrgzwaeFjG1iPIi7Dd9GP2hcTOkVxrNln1PqzYq8=
=Kj4R
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



Prev by Date:
APPLE-SA-2009-02-12 Security Update 2009-001

Next by Date:
APPLE-SA-2009-02-12 Java for Mac OS X 10.4, Release 8

Previous by thread:
APPLE-SA-2009-02-12 Security Update 2009-001

Next by thread:
APPLE-SA-2009-02-12 Java for Mac OS X 10.4, Release 8

Index(es):

Date
Thread













  

   
Home
   
Archives
   
Terms/Conditions
   
Contact
   
RSS
   
Lists
   
About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.