Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Apple Released Safari 5.1.4 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Released Safari 5.1.4

Apple released Safari 5.1.4 for Windows as well as for OS X.

This update addresses a large number of bugs in Safari itself and in WebKit. Some of the issues fixed:

- Safari for Windows: An International Domain Name (IDN) issue with look alike characters. (I just patched Safari for OS X, and oddly, Safari still appears to render .com domains using international characters vs. punny-code. Firefox and Chrome do not show international characters for .com )

- All versions of Safari: While private browsing was active, sites were still recorded in the browsing history.

- 5 different cross site scripting vulnerabilities in WebKit

- a cookie disclosure vulnerability (WebKit)

- a cross origin issue in Webkit.

- 40 or more webkit issues that could lead to arbitrary code execution.

The update should be listed eventually at the standard Apple security URL: http://support.apple.com/kb/HT1222 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich July 2019

Johannes

3558 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!