Last month, we reported about the contest organized by TippingPoint in Vancouver, Canada. During that contest Charlie Miller broke into a MacBook Air in just two minutes by exploiting an unknown vulnerability in Safari Browser. He won a MacBook Air and $10,000.

Yesterday afternoon, Apple issued the version 3.1.1 of Safari to address, amongst other security issue, the vulnerability discovered by Miller.

The update has 39MB and it is available for both versions of Safari, for Windows and for Mac.

In the official description of the update, Apple noted: “CVE-ID: CVE-2008-1026 -

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista.
Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues.”

Another two updates, CVE-ID: CVE-2007-2398 and CVE-ID: CVE-2008-1024, were released only for the PC version of Safari. Apple urged all users to patch their Safari.

Safari version 3.1 for Mac OS X and Windows XP/Vista was launched by Apple last month. Safari supports CSS animations, CSS web fonts, and HTML 5 media support, it offers improved SVG support, and HTML 5's offline storage support, among other features.

Apple boasts that Safari loads pages up to 1.9 times faster than Internet Explorer 7 and up to 1.7 times faster than Firefox 2; and it executes JavaScript up to 6 times faster than Internet Explorer 7 and up to 4 times faster than Firefox 2.