Safari 4.0.5 now available in Software Update


New browser time -- and unfortunately, time to restart your Mac. Safari has been updated (for 10.4, 10.5 and 10.6 on the Mac side, and Windows XP/Vista/7 on the Win side); it includes the improvements noted:

  • Performance improvements for Top Sites

  • Stability improvements for plug-ins, and for sites with SVG graphics and online forms

  • Fixes issues affecting settings changes to some Linksys routers and iWork.com user comments

There is also a slew of security fixes in this update; the full list is in the continuation of this post, via the Apple Product Security mailing list.

The update weighs in at 31.8 MB on my Snow Leopard install, but your download size may vary. You can get it in Software Update or via the Safari download page.

Safari 4.0.5 is now available and addresses the following:

ColorSync

CVE-ID: CVE-2010-0040

Available for: Windows 7, Vista, XP

Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow, that could result in a heap buffer overflow, exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.


ImageIO

CVE-ID: CVE-2009-2285

Available for: Windows 7, Vista, XP

Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-001.


ImageIO

CVE-ID: CVE-2010-0041

Available for: Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.


ImageIO

CVE-ID: CVE-2010-0042

Available for: Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.


ImageIO

CVE-ID: CVE-2010-0043

Available for: Windows 7, Vista, XP

Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Gus Mueller of Flying Meat for reporting this issue.


PubSub

CVE-ID: CVE-2010-0044

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies

Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the "Accept Cookies" preference. This update addresses the issue by respecting the preference while updating or viewing feeds.


Safari

CVE-ID: CVE-2010-0045

Available for: Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: An issue in Safari's handling of external URL schemes may cause a local file to be opened in response to a URL encountered on a web page. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved validation of external URLs. This issue does not affect Mac OS X systems. Credit to Billy Rios and Microsoft Vulnerability Research (MSVR) for reporting this issue.


WebKit

CVE-ID: CVE-2010-0046

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.


WebKit

CVE-ID: CVE-2010-0047

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in the handling of HTML object element fallback content. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.


WebKit

CVE-ID: CVE-2010-0048

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in WebKit's parsing of XML documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking.


WebKit

CVE-ID: CVE-2010-0049

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in the handling of HTML elements containing right-to-left displayed text. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi&Z of team509 for reporting this issue.


WebKit

CVE-ID: CVE-2010-0050

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in WebKit's handling of incorrectly nested HTML tags. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi&Z of team509 working with TippingPoint's Zero Day Initiative for reporting this issue.


WebKit

CVE-ID: CVE-2010-0051

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An implementation issue exists in WebKit's handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the content of protected resources on another website. This update addresses the issue by performing additional validation on stylesheets that are loaded during a cross-origin request.


WebKit

CVE-ID: CVE-2010-0052

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.


WebKit

CVE-ID: CVE-2010-0053

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in the rendering of content with a CSS display property set to 'run-in'. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.


WebKit

CVE-ID: CVE-2010-0054

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in WebKit's handling of HTML image elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.