Numerous vulnerabilities addressed, including:

Safari - Adding bookmarks may lead to denial of service or arbitrary code execution due to stack buffer overflow when long site titles are added to the bookmark list.

WebKit - It is possible to operate Java applets even when Java is disabled. Another issue has also been addressed, where poor IDN support allows for obfuscation of URLs. Poor support for PCRE elements may also lead to arbitrary code execution.

Description:

Yesterday Apple released version 3.0.3 of the Safari 3 Beta Internet browser, addressing a set of vulnerabilities that include issues that can allow a remote attacker to take control over a vulnerable system, prevent access to legitimate use of the application, or obfuscate website addresses.

Mitigation:

Update to version 3.0.3 via the Software Update application (OS X), or via the download link below.

Updates:

http://www.apple.com/safari/download/

Source:

Apple Product Security

Exploits:

CVE-ID: CVE-2007-3743 CVE-ID: CVE-2007-2408 CVE-ID: CVE-2007-3742 CVE-ID: CVE-2007-3944