site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2009-02-12 Safari 3.2.2 for Windows Safari 3.2.2 for Windows is now available and addresses the following: Safari CVE-ID: CVE-2009-0137 Available for: Windows XP or Vista Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution Description: Multiple input validation issues exist in Safari's handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. These issues do not affect Mac OS X systems that have applied Security Update 2009-001. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues. Safari 3.2.2 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari for Windows XP or Vista The download file is named: "SafariSetup.exe" Its SHA-1 digest is: b378edc94eb7379056c7969ac918882dc703b53c Safari+QuickTime for Windows XP or Vista The file is named: "SafariQuickTimeSetup.exe" Its SHA-1 digest is: 25efd930a24603f8850d374ff7bf9b76b9a79bce Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJJlHuQAAoJEHkodeiKZIkBj2oH/j4iLLVtyYZeazZ6xSNQ+U73 rmwxFQSdQ2ckHou/UId49xC7UPZ3px3+YLG2h9gYMB1WW2ADbi0uoI/EUN63tY3C r8s76/QS7dryeETKn7AsTCgKtunqpRS7lVQRs1FtfYPPwU6kghKKrFFzNxb/BIMl kKJck69z0/4EOtGRv7kzYPMciUgdPDF0/m7wNOTWvwUTMu0UqrtE5YgR8XbF8LRZ UTsBTGf1B1I51TT76xyczkXyJ/4HRXa9E7mnwwcZWBtBXXLeYl+WoA5uHCUHM/Hi XuIedDIDvs9G0RvcqB4ueU2hrgzwaeFjG1iPIi7Dd9GP2hcTOkVxrNln1PqzYq8= =Kj4R -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com