Safari 3.2.3 improves security

Apple has released Safari 3.2.3, a new release of its Web browser for Mac OS X 10.4, 10.5 and Windows.

Apple indicates that the update is recommended for all Safari users, and includes the latest security updates. Specific changes have been made to libxml, Safari and WebKit files, according to Apple.

Libxml, a software library used to parse Extensible Markup Language (XML) documents, has been updated to better handle a heap buffer overflow situation. The update corrects the problem through improved bounds checking.

Safari itself has been updated to correct multiple input validation issues that could cause arbitrary code to be executed with a maliciously-crafted “feed:” URL. Additional validation has been made to fix that issue.

Lastly, WebKit, the application framework used to make Safari, has also been improved. A memory corruption issue has been corrected through improved bounds checking; under some circumstances, a maliciously-crafted Web site could lead to arbitrary code execution.

Safari 3.2.3 should not be confused with the beta release of 4 for Mac and Windows that remains available for download from Apple’s Web site.

Safari 3.2.3 is included with the Mac OS X 10.5.7 update, also released on Tuesday.

Editor’s note: Updated 5:50 PM ET with more details about security changes.

Subscribe to the Apple @ Work Newsletter

Comments