or Connect
AppleInsider › Forums › Software › Mac Software › Apple releases Safari 3.1.1 to address four security issues
New Posts  All Forums:Forum Nav:

Apple releases Safari 3.1.1 to address four security issues

post #1 of 20
Thread Starter 
Apple on Wednesday afternoon released version 3.1.1 of its Safari web browser to address a handful of security issues, including one widely publicized vulnerability that allowed a MacBook Air to be compromised during a recent security conference.

The 39MB release, available for both Macs and Windows PCs, is recommended for all Safari users and includes improvements to stability, compatibility and security.

Specifically, Apple said the update patches four security issues, including a heap buffer overflow that existed within the browser's WebKit framework for handling JavaScript regular expressions.

The issue was reported by Charlie Miller, who discovered and exploited the vulnerability on a MacBook Air to win a $10,000 prize at last month's CanSecWest security conference.

The Safari 3.1.1 update also addressed a second issue within WebKit's handling of URLs containing a colon character in the host name. By exploiting that vulnerability, a hacker could use a maliciously crafted URL to lead a cross-site scripting attack, Apple said.

Two other issues with the Safari application itself were also addressed, though they concerned only the PC version of the browser. One of those issues made it possible for a maliciously crafted website to control the contents of a user's address bar, while the other made it possible for maliciously crafted website to cause arbitrary code execution or the Safari application to unexpectedly quit. 

post #2 of 20
Do they patch this kind of stuff in webkit in parallel?
post #3 of 20
Quote:
Originally Posted by walshbj View Post

Do they patch this kind of stuff in webkit in parallel?

I'm not liking this new safari 3.1.1. It's been doing weird things and it seems to hang.
post #4 of 20
Quote:
Originally Posted by sc_markt View Post

I'm not liking this new safari 3.1.1. It's been doing weird things and it seems to hang.

I noticed that too until I reset Safari. Now much better.
Switching From Windows on Nov. 30th 2007
-------------------------------------
MacBook Pro 13" 2011
Reply
Switching From Windows on Nov. 30th 2007
-------------------------------------
MacBook Pro 13" 2011
Reply
post #5 of 20
What's going on in Safari that requires a reboot to update? If it's that tightly integrated with the core of the OS, didn't that contribute to the security liability that took down the Air in that contest?
post #6 of 20
Quote:
Originally Posted by JeffDM View Post

What's going on in Safari that requires a reboot to update?

My concerns as well. I'm not a fan of teh way Leopard goes into another mode to install system updates, requires more reboots for regular apps and that the updates seem overly large in size.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #7 of 20
Quote:
Originally Posted by solipsism View Post

My concerns as well. I'm not a fan of teh way Leopard goes into another mode to install system updates, requires more reboots for regular apps and that the updates seem overly large in size.

Typically, if they are updating shared libraries that other apps using then they require a reboot.

I wasn't a fan of the firmware update a week or so ago. It was simple enough to do, but why did the user have to be involved. Firmware updates should be a little more automatic than having to depress a power button till a system beep goes off. Fun stuff!
post #8 of 20
Quote:
Originally Posted by MacTel View Post

I wasn't a fan of the firmware update a week or so ago. It was simple enough to do, but why did the user have to be involved. Firmware updates should be a little more automatic than having to depress a power button till a system beep goes off. Fun stuff!

The first Mac Pro update required the user to hold the power button, but the second didn't.
post #9 of 20
Quote:
Originally Posted by JeffDM View Post

What's going on in Safari that requires a reboot to update? If it's that tightly integrated with the core of the OS, didn't that contribute to the security liability that took down the Air in that contest?

WebKit and other System Frameworks are getting updated, new linking and more.

WebKit is system-wide with the HTML Help system.
post #10 of 20
Quote:
Originally Posted by sc_markt View Post

I'm not liking this new safari 3.1.1. It's been doing weird things and it seems to hang.

I'm not sure which web site you are having issues with but I did notice my Yahoo Mail account having problems that started just before the Safari update. So in that case at least it is not an update issue.

So far though it seems to work fine for me.
post #11 of 20
updated to 3.1.1 and no issues found
post #12 of 20
Quote:
Originally Posted by internetworld7 View Post

I noticed that too until I reset Safari. Now much better.

I noticed it also, a reset seems to fix it

Cheers

Jan
Jan

http://theFruitSoup.com - http://ColinClose.com/ - Download some free music I am involved in!
Reply
Jan

http://theFruitSoup.com - http://ColinClose.com/ - Download some free music I am involved in!
Reply
post #13 of 20
Youtube no longer works. Downloaded the newest flash player, and still doesn't work.
Great update \
post #14 of 20
Quote:
Originally Posted by rain View Post

Youtube no longer works. Downloaded the newest flash player, and still doesn't work.
Great update \

YouTube works fine for me.

Initially it seemed to have problems with any site I had been to recently but I only needed to clear cache to fix this, didn't need reset. Now all seems fine.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #15 of 20
A lot of us still think that reseting Safari is the same option we had in previous versions.
Note that at this version and 3.1 too reseting Safari opens a window asking the user what to reset.
So now reset is similar to Firefox's clear private data dialog box.

I use it regularly to clean Safari.

post #16 of 20
Quote:
Originally Posted by Nano_tube View Post

Note that at this version and 3.1 too reseting Safari opens a window asking the user what to reset.
So now reset is similar to Firefox's clear private data dialog box.

I did not know this. Thanks.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #17 of 20
Quote:
Originally Posted by solipsism View Post

My concerns as well. I'm not a fan of teh way Leopard goes into another mode to install system updates, requires more reboots for regular apps and that the updates seem overly large in size.

I like this new way. It seems like there will be fewer install problems because it's off a fresh boot, without any applications/processes running which may interfere with the update.
post #18 of 20
Quote:
Originally Posted by k squared View Post

I like this new way. It seems like there will be fewer install problems because it's off a fresh boot, without any applications/processes running which may interfere with the update.

YOu're probably correct, but one thing I always touted OS X over Windows was taht simple updates didn't require restarts.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #19 of 20
I'm running safari 3.1.1 on a macbook running 10.4.11 - it's not a happy place.

I can;t get onto secure websites: firefox is fine with them but my banking, my email, university pages, my .Mac - which is being iffy today - are all being bounced in safari because it "couldnt establish a secure connection to the server www.amazon.co.uk." - as an example.

Any suggestions?
post #20 of 20
Updater gave me an error on my Mac Pro and now Safari won't work at all.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac Software
AppleInsider › Forums › Software › Mac Software › Apple releases Safari 3.1.1 to address four security issues