For boys who like boys who like mandroids!

Homotron Feeds:

Staff:

Editor'n'Chief: Fruit Brute - Email
Editor: tiny dancer - Email
Writer: Ed Rodriguez - Email
Writer: Jesse James - Email
Writer: NeonMadman - Email
Contributor: Super Timsy - Email
Contributor: Asterick - Email
Contributor: SuperSpecialDavey - Email
ÜberDork: Mikey - Email
Have a tip?
Send it to us here!

Archives:

Hot Stuff: Gay Founder Of Geocities Invests In New LGBT Social Networking Site · Homotron Awakes With iPad Launch · Oracle Buys Sun For $7.4 Billion · From GayGamer: Pirate Bay Founders Arrrr Guilty · Update: Amazon.fail Official Response ·

Safari Gets 11 Security Fixes

Hi, me again with more Apple news: yesterday Apple released Safari 3.2, although some of the updates came to Mac users through the big update back in October. Eight updates apply directly to Safari itself, with three addressing security vulnerabilities in WebKit.

Only a handful of the fixes are intended for Mac OS users, but they all apply to Windows XP and Vista users, and most prevent against malicious attacks.

As Apple sees its market share grow it's only natural that we'll see a concomitant rise in the exposition of security flaws and, therefore, we'll see a rise in the number of security fixes. What's ironic is that most of these fixes still manage to be native to Windows. Poor Microsoft - even when Apple steals your pie, the security holes still seem to be Windows-based. That's rough business.

See details after the jump, courtesy of CNet.

Safari-1
This patch affects Safari users on Windows XP or Vista. This update addresses multiple vulnerabilities in zlib 1.2.2 detailed within CVE-2005-2096. Apple credits Robbie Joosten of bioinformatics@school, and David Gunnells of the University of Alabama at Birmingham for reporting the vulnerabilities.

Safari-2
This patch affects users of Windows XP or Vista. This update addresses the security issue in the libxslt library detailed within CVE-2008-1767 in which processing an XML document may lead to an unexpected application termination or arbitrary code execution. Apple credits Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security Team for finding the vulnerability.

Safari-3
This patch affects users of Windows XP or Vista. The update addresses the heap buffer overflow issue that exists in the CoreGraphics' handling of color spaces detailed within CVE-2008-3623 in which viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-4
This patch affects users of Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-2327 in which viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-5
This patch affects users of Windows XP or Vista. The update addresses the vulnerabilities detailed within CVE-2008-2332 in which viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. Specifically, a memory corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images. Apple credits Robert Swiecki of the Google Security Team for finding the vulnerability.

Safari-6
This patch affects users of Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-3608 in which viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-7
This patch affects users of Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-3642 in which viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-8
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, or Windows XP or Vista. The update addresses the vulnerabilities detailed within CVE-2008-3644 in which disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a local user. Apple credits an anonymous researcher for finding the vulnerability.

WebKit-1
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, or Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-2303 in which visiting a maliciously crafted Web site may lead to an unexpected application termination or arbitrary code execution. Apple credits SkyLined of Google for finding the vulnerability.

WebKit-2
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, and Windows XP or Vista. The update addresses the vulnerabilities detailed within CVE-2008-2317 in which visiting a maliciously crafted Web site may lead to an unexpected application termination or arbitrary code execution. Specifically, a memory corruption issue exists in WebCore's handling of style sheet elements. The issue has already been addressed in systems running Mac OS X v10.5.5. Apple credits the TippingPoint Zero Day Initiative for finding the vulnerability.

Webkit-3
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, and Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-4216 in which visiting a maliciously crafted Web site may lead to the disclosure of sensitive information. This update addresses the issue by restricting the types of URLs that may be launched via the plug-in interface. Apple credits Billy Rios of Microsoft, and Nitesh Dhanjani of Ernst & Young for finding this vulnerability.