Safari 4.0 released - contains security fixes
Last Updated: 2009-06-09 17:03:04 UTC
by Swa Frantzen (Version: 1)
Apple released yesterday an update to Safari 4.0 (which had been in beta for quite some time)
The release also contains a large number of fixes for security vulnerabilities:
CFNetwork: CVE-2009-1704, CVE-2009-1716
International components for Unicode: CVE-2009-0153
libxml: CVE-2008-3281, CVE-2008-3529, CVE-2008-4409, CVE-2008-4225, CVE-2008-4226
Safari: CVE-2009-1682, CVE-2009-1706, CVE-2009-1707, CVE-2009-1708
Safari windows installer (no CVE name)
Webkit: CVE-2006-2783, CVE-2008-1588, CVE-2008-2320, CVE-2008-3632, CVE-2008-4231, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1690, CVE-2009-1691, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718
Needles to say, this update comes as highly recommended for anybody using safari.
Note some CVE names are quite old ... e.g. CVE-2006-2783 was first discussed more than 3 years ago in Mozilla (June 1st, 2006) and was fixed by Apple for iPhone and iPod almost a year ago (July 11th, 2008).
Swa Frantzen -- Section 66