Apple has released security updates for its Safari Web browser in order to address three vulnerabilities that could result in arbitrary code execution.
The new Safari 5.0.2 was released for both Windows and Mac OS X, while the 4.1.2 update is only available to Mac Tiger users.
One of the resolved issues, identified as CVE-2010-1805, is the result of a Windows design flaw dubbed binary planting, which also affects hundreds of other applications.
The vulnerability stems from the way the operating system prioritizes particular locations when searching for a binary file that is to be executed and no absolute path is specified.
"When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path.
"Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution
," Apple explains in its advisory
The other two vulnerabilities are located in the WebKit engine and affect older Safari 4 and 5 versions on both Windows and Mac.
One of them (CVE-2010-1807) is the result result of improper validation of certain floating data types and was reported to Apple's security team by a Mozilla developer named Luke Wagner.
The other (CVE-2010-1806 ) is an issue with handling certain elements with run-in styling and was reported through TippingPoint's Zero Day Initiative (ZDI) vulnerability disclosure program.
These flaws can be exploited remotely to execute arbitrary code by tricking users into visiting maliciously crafted Web pages.
Being located in WebKit, both of the flaws also affected iTunes and were fixed in the iTunes 10 update, that was released a week ago.
Safari 5.0.2 for Windows and Safari 4.1.2 for Mac can be downloaded from here
Safari 5.0.2 for Mac can be downloaded from here