Apple fixes Safari, scores 5bn iTunes downloads

June 20th, 2008 by Robert Vamosi and Jonathan Skillings Tagged with: vulnerability, update, safari, patch, itunes, fault, download, apple, retailer, purchase, music

Apple on Thursday released a new version of Safari for Windows that includes a security fix for a high-profile carpet-bombing desktop attack vulnerability.

The Safari update is only for Windows users running XP or Vista, not Mac OSX versions. Version 3.1.2 of Safari for Windows can be downloaded and installed from Apple Downloads, or you can download Safari 3.1 here.

The update addresses CVE-2008-2540, a vulnerability in how Windows desktop handles executable files.

Apple said: "Saving an untrusted file to the Windows desktop may trigger the issue, and lead to the execution of arbitrary code. Web browsers are a means by which files may be saved to the desktop. To help mitigate this issue, the Safari browser has been updated to prompt the user prior to saving a download file. Also, the default download location is changed to the user's Downloads folder on Windows Vista, and to the user's Documents folder on Windows XP." Apple credits Aviv Raff for reporting the vulnerability.

Apple also released updates which address CVE-2008-2306 — an Internet Explorer 7 vulnerability — and CVE-2008-2307 — a Javascript fault.

In addition to releasing the Safari updates and opening its first retail store in Australia yesterday, Apple also reported that it had reached five billion purchased and downloaded songs on iTunes, making it the largest music retailer in the US.