Apple Releases Safari Beta 3.0.2, Security Update 2007-006

[MacRumors]

Apple has released an update to its Safari browser, Beta 3.0.2 for Mac and PC via its website and Software Update.

Changes in Safari 3.0.2 for Windows beta:
- Latest security updates
- Improved stability
- Fixes for text display, non-English systems, and start-up times

Changes in Safari 3.0.2 for Mac OS X beta:
-Latest security updates
-Improved stability
-Improved WebKit support for Mail, iChat and Dashboard

Also released today is Security Update 2007-006 for Mac OS 10.3.9 and Mac OS 10.4.9 and later. The update addresses two vulnerabilities in WebKit, one of which could lead to an unexpected application termination or arbitrary code execution. More information on the update can be found here.

Though still in beta, the initial release of Safari 3.0 had seen 8 vulnerabilities discovered within 24 hours of its release, some of which were cross-platform. Apple quickly released Safari 3.0.1 for Windows which addressed some of the Windows-specific vulnerabilities discovered.

 

[EricNau]

The security update isn't showing up for me.

 

[longofest]

The security update isn't showing up for me.

I haven't seen the security update in Software Update yet, but its on Apple's website.

 

[Peace]

I think people with 10.4.10 don't need the security update.I tried to install it and it wouldn't let me.

 

[Luis]

Me neither... I guess it needs some time, it always reaches some people first.

 

[NewSc2]

Though still in beta, the initial release of Safari 3.0 had seen 8 vulnerabilities discovered within 24 hours of its release, some of which were cross-platform. Apple quickly released Safari 3.0.1 for Windows which addressed some of the Windows-specific vulnerabilities discovered.

So some of the Apple vulnerabilities haven't been fixed yet? I haven't downloaded Safari 3 myself (quite fond of Firefox) but I thought I'd check it out.

 

[TheAnswer]

I actually think that you won't get both updates if you are running the beta...since the security update patches WebKit, maybe it's part of the Safari beta update? And those not running the beta will get the security update?

 

[roland.g]

3.0.2 still didn't fix the fact that the white headlines within the red bar on the MR front page news items are wayyyy tooo booold. As is everything else. It is so thick and blurry. So much for text display fixes.

 

[Doctor Q]

Security Update 2007-006 details

WebCore

Visiting a malicious website may allow cross-site requests

An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.​

WebKit

Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.​

 

[Dr.Gargoyle]

Hmmm, looks like we will go to 3.0.97 rather fast.

 

[longofest]

So some of the Apple vulnerabilities haven't been fixed yet? I haven't downloaded Safari 3 myself (quite fond of Firefox) but I thought I'd check it out.

yeah... 3.0.1 only addressed the Windows-specific vulnerabilities. Some folks took that to mean that the vulnerabilities that were found WERE only windows-specific, but that's not the case. Apple just took a little while to fix the rest of them. Even now, I'm not sure whether all of them have been patched, as a few more have been trickling out, although they haven't been as severe, hence why we haven't been covering them.

 

[flopticalcube]

Safari on OSX requires a restart. Not under Windows. Seems to be working OK.

 

[Eraserhead]

I think people with 10.4.10 don't need the security update.I tried to install it and it wouldn't let me.

I suspect they are only for Safari 2.0.x users, as some vulnerabilities affected that version too, which is why they aren't in software update.

 

[Loge]

I think people with 10.4.10 don't need the security update.I tried to install it and it wouldn't let me.

I'm on 10.4.10 and it did install for me.

 

[Eraserhead]

I'm on 10.4.10 and it did install for me.

Safari 2.0.x user?

 

[IEatApples]

It fixed my widgets!

 

[Nermal]

I have 10.4.10 and Safari 2.0.4 and it's prompting me to install the update.

 

[Snowy_River]

Still hasn't fixed the proxy issue on my work machine.
Running it on my PB, but can't run it on my WinXP work machine because of proxy issues.

 

[MacTheSpoon]

3.0.2 still didn't fix the fact that the white headlines within the red bar on the MR front page news items are wayyyy tooo booold. As is everything else. It is so thick and blurry. So much for text display fixes.

Crap, that's too bad... hope they fix that in the next update...

 

[Chrysaor]

Is it themeable with Shapeshifter yet?

 

[Cameront9]

Installed with no issues on my Windows machine at work. I'm not trying the beta on my Mac, though...

Can I just say that Safari on windows seems Snappier after the update?

 

[Nermal]

Still hasn't fixed the proxy issue on my work machine.
Running it on my PB, but can't run it on my WinXP work machine because of proxy issues.

Ugh, I was hoping to try it at work on Monday but it sounds like it's still not going to work

 

[Cameront9]

3.0.2 still didn't fix the fact that the white headlines within the red bar on the MR front page news items are wayyyy tooo booold. As is everything else. It is so thick and blurry. So much for text display fixes.

Not having that issue here on my Windows machine. Have you tried turning the font rending to light under the preferences? I'm finding it looks EXACTLY like Safari for OS X and that the reason you think it looks blurry is psychological, since it looks so different from Windows font smoothing.

 

[MacSA]

Safari for Windows: Is the 3.0.2 update only available through software update? Or does the link to the Apple website download 3.0.2 as a complete package? I still haven't been able to get it to work on XP SP2 so i'm not sure if this latest download/update is worth bothering with.

 

[bilbo--baggins]

I'd be interested to hear if Safari 3.0.2 fixes the bugs that the previous beta caused in Mail.