Apple has released the latest version of its Safari browser that includes fixes for four dozen security holes, mostly in the open-source WebKit technology and many of which leave a computer open to compromise by drive-by-download attacks from visiting a malicious Web page.
The release updates the browser to display a warning before navigating to an HTTP (Hypertext Transfer Protocol) or HTTPS (secure HTTP) Web address containing user information, to better protect against phishing attacks, removes a heap buffer overflow in the handling of images using ColorSync technology, and addresses an issue in Safari's handling of PDF files.
The software also plugs 44 holes in WebKit alone that could allow for numerous types of attacks and compromises, including: information disclosure from dragging or pasting links or images; cross-site scripting attacks; unexpected actions on other sites caused by interacting with a malicious Web page; data leakage from visiting an HTTPS site that redirects to a less secure HTTP site; data being sent to an IRC server by visiting a malicious Web site; and a plethora of the garden-variety arbitrary code execution attack from visiting a malicious site.
Microsoft, fixing 34 vulnerabilities in one of its largest Patch Tuesdays to date. Meanwhile, for a critical hole in its Flash technology being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.
Apple - USE TAG
reading•With Safari 5, Apple plugs four dozen holes
Oct 16•Apple fattened up its bagel emoji and now people are happy
Oct 16•What is a smart display and do you need one?
Oct 16•iPhone XS vs. Pixel 3: Which phone has the best camera?
Oct 16•Huawei Mate 20 Pro vs. iPhone XS, Pixel 3, Galaxy S9: Every spec compared