Apple closes eight critical holes in Safari for Windows
Apple has closed eleven security holes with its release of version 3.2 of the Safari web browser for Windows XP and Vista. Only four of the holes also required closing in the updated version of Safari for Mac OS X v10.4.11 and Mac OS X v10.5.5. According to Apple's report, eight of the eleven holes in the Windows version can be exploited to infect PCs with malicious code when a specially crafted web page is visited. Most of the flaws are contained within Webkit and the ImageIO image processing framework. They are based on stack overflows, heap overflows and other memory corruptions.
Users are advised to install the update immediately. The new version is to be offered via the auto-update feature and is also available on the Apple downloads page. The last Safari update was released in June.
- About the security content of Safari 3.2, report by Apple