Apple Posts Safari 3.1.2, Fixes WebKit Security Issue in Tiger

Late on Monday, Apple posted Safari 3.1.2 for OS X Tiger 10.4.11 which fixes a security issue related to Webkit handling of JavaScript arrays that could lead to arbitrary code execution. The identifier is CVE-2008-2307.

Apple described the fix as follows:

WebKit
CVE-ID: CVE-2008-2307

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in WebKitis handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.1.2 for Windows XP or Vista, and also in systems running Mac OS X v10.5.4. Credit to James Urquhart for reporting this issue.

Safari 3.1.2 for Mac OS X v10.4.11 is available via the Apple Software Update application, or Appleis Safari download site at: http://www.apple.com/safari/download/