At Last, Apple Steps Up to Fix a Big Safari Flaw
Zero Day blog reports that Apple's new 3.1.2 version of Safari for Windows XP and Vista fixes the 'carpet bombing' flaw we told you about early this month. The combination of Safari and Internet Explorer on Windows made it possible to 'carpet bomb' the Windows desktop (Safari's default download location) with files, including malware files. Why? Safari, unlike other browsers, doesn't ask the user for permission to download files.
3.1.2's Other Security Fixes
Safari 3.1.2 also torpedoes three other security problems plaguing Windows XP and Vista users:
A fix for the combination of IE7 and Safari on Windows being used to automatically launch executable files from a website in the IE 'Trusted Sites' or 'Intranet' zones
A fix for an out-of-bounds memory read error when handling BMP or GIF images
This quartet of fixes makes Safari 3.1.2 a no-brainer update for current Safari users running Windows. You can read the entire security advisory, and download Safari 3.1.2 manually.
While You're Downloading, Grab a New QuickTime, Too
If you haven't updated QuickTime to version 7.5, you should. QuickTime 7.5, released earlier this month, fixes a number of security issues for MacOS as well as Windows.