Apple fixes more Safari security flaws

Security experts are warning users of Apple's Safari web browser to upgrade to the latest version immediately or risk hackers being able to run malicious code on their computers.

Apple yesterday released a new version of its flagship browser – 4.0.3 – featuring fixes to stability and compatibility problems, but also to patch six vulnerabilities.

These included buffer overflow issues and a problem with Safari's Top Sites feature, which could facilitate a phishing attack by allowing a "malicious website to promote arbitrary sites into the Top Sites view", said Apple.

Graham Cluley, senior technology consultant for security vendor Sophos, argued that users must update as soon as possible to the new version of Safari, whether they run it on a Microsoft or Apple-based operating system.

"Don't think you can get away with not updating if you run Safari on Windows XP or Vista, because two of the security patches only apply to the version of Apple's browser that runs on Microsoft's operating system," he wrote.

"It doesn't matter whether you run Safari on Mac OS X or Windows computers, it's important that you apply these security patches detailed in a security advisory on Apple's website."