Apple closes 23 critical holes in Safari
Apple has released versions 5.0.3 and 4.1.3 of Safari, updates that address several security vulnerabilities in the WebKit-based browser. In total, the Safari updates fix 27 security holes in the browser's open source WebKit rendering engine, most of them rated as critical.
According to Apple, 23 of the vulnerabilities could allow an attacker to crash a victim's browser or execute arbitrary code on a user's system. For an attack to be successful, a victim must first visit a specially crafted web page. Additional issues include flaws that could, for example, allow web sites to surreptitiously track users or allow malicious sites to disclose image data from another web site. Other changes include fixes for DNS pre-fetching and a bug that allowed some sites to spoof the address in the location bar or add arbitrary locations to the history.
Safari 5.0.3 is available to download for Mac OS X 10.5.8 Leopard, 10.6.2 Snow Leopard and Windows XP SP2 or later. Alternatively, Safari 4.1.3 is provided for users running Mac OS X 10.4.11 Tiger. Mac OS X users can upgrade to the latest release via the built-in Software Update function. All users are advised to upgrade to the latest release as soon as possible.
- About the security content of Safari 5.0.3 and Safari 4.1.3, security advisory from Apple.
- Apple re-posts Mac OS X Server 10.6.5 update, a report from The H.
- Apple releases Mac OS X 10.6.5 update, a report from The H.