Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2009-02-12 Safari 3.2.2 for Windows
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2009-02-12 Safari 3.2.2 for Windows



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2009-02-12 Safari 3.2.2 for Windows

Safari 3.2.2 for Windows is now available and addresses the
following:

Safari
CVE-ID:  CVE-2009-0137
Available for:  Windows XP or Vista
Impact:  Accessing a maliciously crafted feed: URL may lead to
arbitrary code execution
Description:  Multiple input validation issues exist in Safari's
handling of feed: URLs. The issues allow execution of arbitrary
JavaScript in the local security zone. This update addresses the
issues through improved handling of embedded JavaScript within feed:
URLs. These issues do not affect Mac OS X systems that have applied
Security Update 2009-001. Credit to Clint Ruoho of Laconic Security,
Billy Rios of Microsoft, and Brian Mastenbrook for reporting these
issues.


Safari 3.2.2 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: b378edc94eb7379056c7969ac918882dc703b53c

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 25efd930a24603f8850d374ff7bf9b76b9a79bce

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJJlHuQAAoJEHkodeiKZIkBj2oH/j4iLLVtyYZeazZ6xSNQ+U73
rmwxFQSdQ2ckHou/UId49xC7UPZ3px3+YLG2h9gYMB1WW2ADbi0uoI/EUN63tY3C
r8s76/QS7dryeETKn7AsTCgKtunqpRS7lVQRs1FtfYPPwU6kghKKrFFzNxb/BIMl
kKJck69z0/4EOtGRv7kzYPMciUgdPDF0/m7wNOTWvwUTMu0UqrtE5YgR8XbF8LRZ
UTsBTGf1B1I51TT76xyczkXyJ/4HRXa9E7mnwwcZWBtBXXLeYl+WoA5uHCUHM/Hi
XuIedDIDvs9G0RvcqB4ueU2hrgzwaeFjG1iPIi7Dd9GP2hcTOkVxrNln1PqzYq8=
=Kj4R
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.