New versions of Apple’s Safari web browser are available for download to Mac and Windows PC users containing patches for a handful of security holes.

According to the Mac maker, “This update is recommended for all Safari users and includes the latest security updates.”

Specifically, two WebKit vulnerabilities affect Safari users running Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, or XP SP2 or later.

Discovered and reported by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann working with TippingPoint's Zero Day Initiative, the first one (CVE-2011-1290) is described as follows:

“An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”

The second vulnerability (CVE-2011-1344) also involves visiting a maliciously crafted website. This was reportedly caused by “a use after free issue” that existed in the handling of text nodes.

Apple’s Safari 5.0.5 security advisory also mentions that several fraudulent SSL certificates were issued by a Comodo affiliate registration authority.