On June 23, June 26, Apple updated its Safari browser for Windows to fix two vulnerabilities that could be used for fraud and HTTP redirection attacks. This is the second batch of patches Apple has released since the Windows version of Safari came out.
According to a ZDNet blog, both defects affect Windows XP and Windows Vista users. One patch also applies to Safari on Mac OS X.
Details of the latest patches:
· CVE-2007-2398: in Safari Beta 3.0.1 for Windows, a timing issue allows a web page to change the contents of the address bar without loading the corresponding page. This defect can be used to spoof the content of a legitimate website, letting attackers collect user credentials and other personal information.
· Safari's security model prevents JavaScript on remote web pages from modifying pages outside their own domain. This vulnerability bypasses that restriction, so that cookies and pages can be read and modified at will. It affects Mac OS X users.
Apple also released a WebCore patch to fix an HTTP injection vulnerability in XMLHttpRequest. Hackers can initiate cross-site scripting attacks by enticing users to access a malicious webpage. This vulnerability affects Mac OS X, Windows XP, and Windows Vista.
The fourth defect lies in WebKit. The patch fixes a code execution issue that affects Mac OS X, Windows XP, and Windows Vista. Attackers can exploit this vulnerability through a malicious website.