Apple releases massive patch for Safari 5
The latest patch released by Apple addresses a record 62 vulnerabilities and bugs in Safari 5 and updates the browser on Mac and Windows to version 5.0.4. The Safari update was released along with iOS 4.3 which fixed many of the same flaws.
56 out of the 62 vulnerabilities were tagged "arbitrary code execution" which is Apple's way of rating the flaws as "critical". Apple does not assign severity rankings to vulnerabilities unlike Google, Mozilla and Microsoft.
The majority of the bugs patched were in WebKit which is an open-source browser engine that powers Google's Chrome as well as Safari. It was actually the security engineers at Google along with independent researchers who initially discovered and reported more than half of the flaws.
Apple explained that 92% of the bugs can be exploited by "drive-by" attacks that run as soon as the victim goes onto a malicious website while using the unpatched version of Safari.
There were also some non-security related issues addressed in the patch including one that incorrectly printed web pages, another that made sites unstable when they rendered content with multiple plug-ins and ones that improved the VoiceOver proficiencies.
According to Apple's advisory, 57 of the 62 bugs can be exploited by "drive-by" attacks that execute as soon as a victim browses to a malicious Web site with an unpatched edition of Safari.
The latest update can be downloaded from Apple's site for Mac OS X 10.5 (Leopard), Mac OS X 10.6 (Snow Leopard), Windows XP, Windows Vista and Windows 7. Anyone using Mac OS will receive notification of the new version automatically and Windows users already running Safari will get alerts from the Apple Software Update Tool.
Return to security news headlines
View Security News Archive