Two of the repaired flaws could allow an attacker to take control of a system. A third exposes the user to a cross-site scripting vulnerability that could lead to disclosure of confidential information.
Security researchers took just hours to find the first security holes after Apple released a beta of the browser on Monday. Researchers have reported a total of seven security vulnerabilities.
One of the repaired vulnerabilities was discovered by Thor Larholm, although Apple did not credit the researcher.
"Given that Apple has a lousy track record with security on OS X, and a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted at this new Windows browser," he wrote when he disclosed his vulnerability in a blog posting on Tuesday.
In another posting on Thursday, Larholm claimed that the update is still ignoring several weak spots in the browser that allow him to crack the security again with a few tweaks to his original exploit.
Safari 3 is currently in beta making it unlikely that people are using the software as their primary browser. This will limit the risk that attackers will target the vulnerabilities.
Breaking with the way the company traditionally discloses security flaws, Apple did not post details of the update on its security updates site but disclosed them in an email to a mailing list.
Apple is breaking with common procedures in other areas too. The update to the application is listed as version 3.01, but it is uncommon to change version numbers of software when in the testing phase.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
