Safari 4.0.5 patches 16 holes
Apple has released Safari 4.0.5, an update which addresses sixteen vulnerabilities in the browser, along with a number of stability and performance improvements. Six of the flaws affect only Windows versions of Safari, with the remaining ten affecting both Mac OS X and Windows versions.
The Windows-only flaws include integer overflows when processing colour profiles, TIFF, or BMP images, and the handling of external URLs, all of which could lead to arbitrary code execution.
Vulnerabilities in WebKit affect both Mac OS X and Windows versions of Safari. Most of these vulnerabilities can lead to application crashes or arbitrary code execution. Use-after-free issues were found and addressed in the handling of the HTML object element, HTML elements with right-to-left text, parsing of XML documents, nested HTML tags, CSS rendering, and HTML callbacks. Memory corruption in CSS handling and errors in cross-origin handling were addressed. A bug which allowed cookies to be set, even if Safari was configured to block cookies, was also fixed.
Non-security-related fixes in Safari 4.0.5 include improved performance for the "Top Sites" feature and stability improvements for third-party plug-ins, forms and SVG. An issue that prevented Safari from changing settings on some Linksys routers was fixed.
The Safari 4.0.5 update is available through Apple's Software Update and as a download.
- About the security content of Safari 4.0.5, a report from Apple.