Stephen Withers
Thursday, 02 August 2007 01:32
Business IT -
Technology
The third beta release of Safari 3 for Mac OS X and Windows delivers more security updates.
Two of the changes are in the WebKit framework used by Safari, and match patches delivered in the
iPhone v1.0.1 Update. They reduce the risk of the user being misled by Unicode characters in URLs, and guard against the
JavaScript attack developed by Independent Security Evaluators that allows a malicious web page to execute arbitrary code (
as previously reported by iTWire).
Another WebKit patch addresses an issue whereby a maliciously crafted web page could load and run Java applets regardless of the setting of Safari's Enable Java preference.
The final patch is in Safari itself and only applies to the Windows version. Adding a bookmark with an overlong title could cause a stack buffer overflow. Safari 3.0.3 performs bounds checking on bookmark titles to prevent this.
The Windows version also includes changes for improved stability, but Apple does not mention any new features in Beta 3.
Safari 3.0.3 can be downloaded from
Apple's web site.