Apple Safari 4.0.4 Update Tackles Security Flaws Seven Security Flaws Patched in Safari 4.0.4 Sean Michael Kerner
From the 'WebKit Flaws' files:
Apple is updating its Safari Web browser to version 4.0.4 to fix seven identified CVE's (Common Vulnerabilities and Exposures) spread across both Mac and Windows versions of the software.
Three of the fixes are for Safari's core WebKit rendering engine, and in my opinion they're critical issues. What's particularly interesting is how the issues were identified in one case by Google and in the other by Apple. Both Google and Apple rely on WebKit as the key rendering infrastructure for their respective browsers.
One of the issues is a Cross Site Request Forgery (CSRF) flaw in how WebKit enables a page from one location to access a resource in another place.
"WebKit sends a preflight request to the latter server for access to the resource," Apple's advisory states. "WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can facilitate cross-site request forgery."
That's pretty serious and in my opinion not terribly difficult to execute either. What makes this vulnerability even more ominous is the fact that since it's in WebKit, it could potentially have found its way into the iPhone or Google's Chrome as well. This particular vulnerability was discovered by Apple's own security researchers.
The other WebKit fix in Safari 4.0.4 deals with WebKit's handling of FTP directory listings. In the WebKit FTP case, Apple credits Michal Zalewski of Google Inc. for reporting the issue. According to Apple, accessing a maliciously crafted FTP server could have potentially led to arbitrary code execution.
Last but not least, another WebKit fix deals with a HTML 5 issue related to loading audio and video content. The flaw could potentially have enabled a browser to load remote content even when the user had already disabled the feature.
Apple's last Safari update,version 4.0.3 came out in August and fixed 6 flaws.
From the 'WebKit Flaws' files:
