Apple Patches MacBook Air Hijack Flaw
Apple has slapped a Band-Aid on its Safari for Windows browser to cover four
vulnerabilities that could lead to code execution, cross-site scripting and URL
The Safari 3.1.1 update includes a patch for the flaw the allowed the hijack of a MacBook Air laptop at this year's CanSecWest "PWN to OWN" security contest.
The Safari update, which is available for Windows XP, Windows Vista and Mac OS X (Tiger and Leopard), also provides the following fixes, according to Apple:
CVE-2008-1024 (available for Windows XP or Vista)-"A
memory corruption issue exists in Safari's file downloading. By enticing a user
to download a file with a maliciously crafted name, an attacker may cause an
unexpected application termination or arbitrary code execution. ... This issue
does not affect Mac OS X systems."
CVE-2008-1025 (available for Mac OS X , Windows XP or Vista)-"An issue exists in WebKit's handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack." The Google Information Security Team is credited with finding this vulnerability.
CVE-2007-2398 (available for Windows XP or Vista)-"A timing issue in Safari 3.1 allows a Web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1."