Apple Patches Safari Vulnerabilities
The fixes include patching a zero-day vulnerability in Apple’s Web browser that allowed researchers to compromise a MacBook Air.
Apple on Wednesday issued a security patch for its Safari Web browser that fixes a widely reported vulnerability and three other holes, two of which affect only Windows versions.
At the CanSecWest security conference last month, security researchers Charlie Miller, Jake Honoroff, and Mark Daniel, from Independent Security Evaluators, managed to compromise a MacBook Air using a zero-day vulnerability in Safari.
TippingPoint, the sponsor of the contest, said the vulnerability would not be disclosed until Apple issued a patch.
Among the four vulnerabilities fixed in Wednesday’s Safari patch is CVE-2008-1026, which Apple thanks Charlie Miller for reporting.
Apple describes the flaw thus: “A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution.”
Full Story Via InformationWeek









