Apple's Safari updates address 48 security vulnerabilities
The latest updates to Apple's Safari WebKit-based browser, versions 5.0 and 4.1, include several new features, such as secure sand-boxed extensions, new HTML5 technologies and Safari Reader, and address a number of security vulnerabilities. In total, the Safari updates close 48 security holes, many of them rated as critical by Apple.
Version 4.1 of Safari closes 46 vulnerabilities, while Safari 5.0 corrects 45 issues. A majority of the vulnerabilities are related to problems caused by the browsers open source WebKit rendering engine, most of which could allow an attacker to crash a victims browser or execute arbitrary code on a user's system. Other issues could lead to a denial-of-service (DoS) condition, information disclosure or cross-site scripting (XSS) issues. The updates also close a previously reported zero-day exploit caused by an error in the way the browser deals with pop-ups.
All users are advised to upgrade to the latest release as soon as possible. Safari 5.0 is available to download for Mac OS X 10.5.8, 10.6 and Windows XP or later. Alternatively, Safari 4.1 provided for users running Mac OS X 10.4.11 Tiger.
See also:
- About the security content of Safari 5.0 and Safari 4.1, security advisory from Apple.
- Apple Releases Safari 5, press release from Apple.
- Zero-day exploit for Safari, a report from The H.
(crve)