Cross-site scripting hole in Apple Safari for Windows
A cross-site scripting hole in Safari not only affects the web browser on Mac OS X, but also the beta version for Windows. In addition to an update for Mac OS X, Apple has released an updated version for the supported Windows versions.
Attackers can exploit this vulnerability to inject arbitrary content onto websites based on frames and execute script code in the security context of the website, for instance. Other information, such as cookies, can also be gathered. The current software version, which is available from Apple as a download from the Safari site, closes this security leak. The download does not, however, correct any other flaws.
- About the security content of Safari 3 Beta Update 3.0.4 Security Update, Apple's security advisory
- Overview of Safari with download link for the beta version with an integrated security update
(mba)