Apple fixes deadly errors in Safari

Yesterday (April 16), Apple also upgraded Safari for Mac OS X and Windows to a new version to overcome a series of dangerous security bugs in this web browser.

Information from developers indicates that Safari 3.1.1 has been significantly improved in terms of stability, compatibility and security. Notably, in this upgrade, Apple fixed a dangerous security vulnerability recently discovered.

The security flaw helped security researcher Charlie Miller win a $ 10,000 prize in the OWN Hacking PWN 2 contest held at the 2008 CanSecWest Security Conference three weeks ago.

According to Miller's disclosure, the above error stems from Safari's open source HTML regeneration engine WebKit and some other software in the Mac OS X operating system. The error will arise when WebKit must process a JavaScript commands are programmed in a separate direction. To exploit this error, hackers have to lure users to access a website that has been pre-implanted with JavaScript code as above.

Expert Miller said the old versions of WebKit also made the above mistake. This situation has put some browser versions for Linux and mobile phones at risk of being attacked.

The second security flaw in WebKit has also been fixed by Apple this time, an error that could be exploited to cross-site scripting (XSS) attacks, helping hackers steal personal information from users.

Apple says Safari for Mac OS X and Windows both suffers from WebKit bugs and recommends users upgrade to the new version as soon as possible. Users can download Safari 3.1.1 directly here or use the Software Update feature integrated with the browser.