Apple has updated Safari to version 3.2 for both Mac OS X and Windows XP/Vista. A dozen security holes were plugged, including some that were deemed ‘very serious.’ The holes could allow someone to take over the compromised machine.
The more serious holes include:
a heap buffer overflow issue that could allow a specially designed html page to cause application termination or arbitrary code execution.
a heap buffer overflow in CoreGraphics handling of color spaces could allow a specially designed image to lead to unexpected application termination or arbitrary code execution.
a problem with memory access issues in ‘libTIFF’s handling of compressed TIFF images could cause, yet again, application termination or arbitrary code execution.
And the list goes on. This proves, yet again, that no matter how smart your developers are, no matter how diligent they think they are, they are not perfect. I think “PC” should remind them in the next ‘get a mac’ commercial. But, hey, if he doesn’t, I don’t mind picking up the slack. After all, it is my duty to point out that OS X Leopard is broken and needs to be fixed.