Apple has just released Safari 3.1.1 for Mac OS X and for Windows, patching a number of security holes. With two patches for Windows and two for Mac, this isn’t a big update, but one of the fixes plugs the vulnerability used in the PWN 2 OWN hacking contest, in which a Mac was hacked in two minutes flat. This fix is described as follows:
“A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions.”
One may note that it took Apple three weeks after being notified of the above vulnerability to issue this fix.
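As an added illustration (not Apple's patch and not code from the original article), here is one form the “additional validation” of nested repetition counts could take: a check in C, run before a pattern is compiled, that bounds the expanded size the pattern implies and tests each multiplication and addition before performing it, so nothing wraps. The function names, the MAX_EXPANSION budget and the MAX_DEPTH limit are assumptions chosen for this example.

```c
#include <ctype.h>
#include <stddef.h>
#define MAX_EXPANSION 100000u      /* assumed budget for expanded pattern size */
#define MAX_DEPTH     64           /* assumed limit on group nesting */
#define TOO_BIG       ((size_t)-1) /* sentinel: over budget or malformed */

/* Parse {n}, {n,} or {n,m} at *p into *out (the larger count); 1 on success. */
static int parse_count(const char **p, size_t *out) {
    const char *s = *p + 1;
    size_t v[2] = {0, 0};
    int i = 0;
    if (!isdigit((unsigned char)*s)) return 0;
    for (; isdigit((unsigned char)*s) || (*s == ',' && i == 0); s++) {
        if (*s == ',') i = 1;   /* stop accumulating once past the budget */
        else if (v[i] <= MAX_EXPANSION) v[i] = v[i] * 10 + (size_t)(*s - '0');
    }
    if (*s != '}') return 0;
    *out = v[0] > v[1] ? v[0] : v[1];
    *p = s + 1;
    return 1;
}

/* Upper bound on the expanded size of the sequence at *p (up to ')' or NUL).
   Classes like [...] are not parsed, so the estimate errs on the high side. */
static size_t seq_cost(const char **p, int depth) {
    size_t total = 0;
    while (**p && **p != ')') {
        size_t atom = 1, n = 1;
        if (**p == '(') {
            (*p)++;
            atom = depth < MAX_DEPTH ? seq_cost(p, depth + 1) : TOO_BIG;
            if (atom == TOO_BIG || **p != ')') return TOO_BIG;
            (*p)++;
        } else {
            *p += (**p == '\\' && (*p)[1]) ? 2 : 1;
        }
        if (**p == '{') parse_count(p, &n);   /* a stray '{' stays a literal */
        if (n && atom > MAX_EXPANSION / n) return TOO_BIG;  /* would exceed */
        atom *= n;
        if (atom > MAX_EXPANSION - total) return TOO_BIG;
        total += atom;
    }
    return total;
}

/* Returns 1 if the pattern is balanced and its expansion fits the budget. */
int regex_within_budget(const char *pattern) {
    const char *p = pattern;
    return seq_cost(&p, 0) != TOO_BIG && *p == '\0';
}
```

The point of the check is that nested counts multiply: three nested groups of 1000 repetitions each imply a billion copies, so the product has to be bounded before any buffer is sized from it.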
The other fix patches a cross-site scripting vulnerability: “An issue exists in WebKit’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack.”
This update can be downloaded via the Software Update preference pane in Mac OS X or from Apple’s Safari download page.