Apple Security Update 2007-009 Can Cause Safari Crash

by John Martellaro , 3:50 PM EST, December 18th, 2007

<script language="JavaScript" src="https://bullseye.backbeatmedia.com/bullseye/adserver/253/111/viewJScript?pool=3160&type=3158&pos=22&zone=5000&redirect=ajs&dontcount=1"></script> <noscript><a href="https://adserver1.backbeatmedia.com/servlet/ajrotator/253/111/clickCGI?pos=22&zone=5000"><img src="https://bullseye.backbeatmedia.com/bullseye/adserver/253/111/viewCGI?pool=3160&type=3158&pos=22&zone=5000&redirect=ajs&dontcount=1" border="0"></a></noscript>

The Apple Security Update, 2007-009, for Mac OS X Tiger and Leopard published on Monday could have subtle, adverse effects on operations in Safari.

It turns out that changes in Safari, in order to increase security, could cause crashes in some special circumstances. That can happen due to the way the security update affects how frames are handled in Safari, according to TMO's resident coding wizard, Stephen Swift.

"The error happens when the user tries to submit a form to another target frame or window. Safari stops that, and, in fact, crashes. The idea is to keep any malicious hacker from, for example, trying to load code into a hidden window," Mr. Swift proposed. [However, crashing may not be the intended behavior.]

The effect became noticeable right after the update was applied and TMO editors tried to work in our publication system. Changes on the server side of our publication system had to be made to accommodate the way Safari now works.

The Security Update does not appear to affect OmniWeb 5.6 or FireFox 2.0.0.11 in that specific way.