Apple fixes 27 Safari vulnerabilities

By

Many of which were found by non-Apple researchers.

Apple has released new versions of its Safari browser, plugging 27 vulnerabilities in the process.

Apple fixes 27 Safari vulnerabilities

The Cupertino company discovered various flaws in its browser, albeit with some help from security professionals from the Google Chrome team, Microsoft and Trusteer, amongst others.

Only two flaws appear to have been found by Apple without help from outside experts.

The Safari 5.0.3 and Safari 4.1.3 releases for Mac OS X and Windows plug various vulnerabilities, all of them within the open source WebKit engine, which is also used by Google Chrome and Android.

“Two questions do come to mind though. One is whether these flaws exist in the version of Safari for the iPad/iPhone/iPod Touch. The other is why Apple is saving up 27 vulnerabilities into one release,” said Sophos senior security advisor Chester Wisniewski, in a blog.

“The previous update from Apple for Safari was in early September, and like Oracle's Java, I think it may be time for Apple to move to more frequent updates to keep Apple users safe.”

As for what dangers the vulnerabilities posed, one could allow websites to “surreptitiously track users,” Apple explained in an advisory.

Various other flaws may have allowed a maliciously crafted website to “lead to an unexpected application termination or arbitrary code execution.”

Earlier this month, Apple fixed more than 130 vulnerabilities in a Mac OS X update.

Many of the flaws could have been exploited by hackers if users did not upgrade.

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?