With Safari 5, Apple plugs four dozen holes

Latest version of Safari browser fixes vulnerabilities that could allow an attacker to take control of the computer, if someone just visited a malicious Web site, among other scenarios.

Apple

Apple has released the latest version of its Safari browser that includes fixes for four dozen security holes, mostly in the open-source WebKit technology and many of which leave a computer open to compromise by drive-by-download attacks from visiting a malicious Web page.

Safari 5 for Windows and Mac debuted on Monday. The impact on security issues is detailed in this advisory, which applies to Safari 5.0 and Safari 4.1.

The release updates the browser to display a warning before navigating to an HTTP (Hypertext Transfer Protocol) or HTTPS (secure HTTP) Web address containing user information, to better protect against phishing attacks, removes a heap buffer overflow in the handling of images using ColorSync technology, and addresses an issue in Safari's handling of PDF files.

The software also plugs 44 holes in WebKit alone that could allow for numerous types of attacks and compromises, including: information disclosure from dragging or pasting links or images; cross-site scripting attacks; unexpected actions on other sites caused by interacting with a malicious Web page; data leakage from visiting an HTTPS site that redirects to a less secure HTTP site; data being sent to an IRC server by visiting a malicious Web site; and a plethora of the garden-variety arbitrary code execution attack from visiting a malicious site.

Microsoft on Tuesday issued 10 security bulletins , fixing 34 vulnerabilities in one of its largest Patch Tuesdays to date. Meanwhile, Adobe said it would issue a patch for a critical hole in its Flash technology being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Tech industry's high-flying 2014
Uber's tumultuous ups and downs in 2014 (pictures)
The best and worst quotes of 2014 (pictures)
A roomy range from LG (pictures)
This plain GE range has all of the essentials (pictures)
Sony's 'Interview' heard 'round the world (pictures)