Apple Posts Safari 3.1.2, Fixes WebKit Security Issue in Tiger

by , 7:00 PM EDT, June 30th, 2008

Late on Monday, Apple posted Safari 3.1.2 for OS X Tiger 10.4.11 which fixes a security issue related to Webkit handling of JavaScript arrays that could lead to arbitrary code execution. The identifier is CVE-2008-2307.

Apple described the fix as follows:

WebKit
CVE-ID: CVE-2008-2307

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.1.2 for Windows XP or Vista, and also in systems running Mac OS X v10.5.4. Credit to James Urquhart for reporting this issue.

Safari 3.1.2 for Mac OS X v10.4.11 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/