Apple has released the latest version of its Safari browser, which includes fixes for four dozen security holes, mostly in the open-source WebKit technology. Many of them leave a computer open to compromise by drive-by-download attacks when the user visits a malicious Web page.
The release updates the browser to display a warning before navigating to an HTTP (Hypertext Transfer Protocol) or HTTPS (secure HTTP) Web address containing user information, to better protect against phishing attacks, removes a heap buffer overflow in the handling of images using ColorSync technology, and addresses an issue in Safari's handling of PDF files.
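The user-information warning described above targets addresses where the text before the "@" is only a login field and the real destination is the host after it. The following check is an added example, not Apple's or WebKit's code; the function names and sample URLs are constructed for illustration, and it assumes a runtime with the standard WHATWG `URL` class (Node.js or a browser).

```javascript
// Added example: flag http(s) URLs that carry a userinfo component
// (user[:password]@host), the pattern the Safari warning is aimed at.
// Function names are hypothetical; sample URLs use reserved example ranges.
function inspectUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return { raw, valid: false, warn: false, reason: "unparseable" };
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { raw, valid: true, warn: false, reason: "not http(s)" };
  }
  const hasUserInfo = u.username !== "" || u.password !== "";
  let user = u.username;
  try {
    user = decodeURIComponent(u.username); // parser percent-encodes userinfo
  } catch (e) {
    // keep the encoded form if it does not decode cleanly
  }
  // Userinfo shaped like a hostname is the typical lure: the reader sees
  // a familiar name first, but the browser connects to realHost.
  const lookalike = hasUserInfo && /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(user);
  return {
    raw,
    valid: true,
    warn: hasUserInfo,
    realHost: u.hostname,
    userInfo: hasUserInfo ? user : null,
    lookalike,
  };
}

// Return only the entries a mail or proxy filter would want to flag.
function flagUrls(urls) {
  return urls.map(inspectUrl).filter((r) => r.warn);
}

// Constructed sample input.
const samples = [
  "http://www.bank.example@203.0.113.7/login",
  "https://www.bank.example/login?next=a@b",
  "https://alice:secret@intranet.example/",
  "mailto:alice@mail.example",
];
for (const r of flagUrls(samples)) {
  console.log(`${r.raw} -> connects to ${r.realHost} (lookalike: ${r.lookalike})`);
}
```

An "@" in the query string, as in the second sample, is not userinfo and is not flagged.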
The software also plugs 44 holes in WebKit alone that could allow for numerous types of attacks and compromises, including: information disclosure from dragging or pasting links or images; cross-site scripting attacks; unexpected actions on other sites caused by interacting with a malicious Web page; data leakage from visiting an HTTPS site that redirects to a less secure HTTP site; data being sent to an IRC server by visiting a malicious Web site; and a plethora of garden-variety arbitrary code execution attacks from visiting a malicious site.
Microsoft, fixing 34 vulnerabilities in one of its largest Patch Tuesdays to date. Meanwhile, for a critical hole in its Flash technology being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.