Newly issued Safari closes 48 holes

By on

Vulnerabilites in Safari, WebKit and Color Sync.

Apple has issued a new version of its Safari web browser to close dozens of vulnerabilities, some of which could allow an attacker to install malicious code on an affected system.

Safari 5, available for Windows and Mac, closes at least 48 holes. Additionally, Safari 4.1 was issued to address the same vulnerabilities for users of Mac OS X version 10.4 (Tiger), which is not supported by Safari 5.

The updates address vulnerabilities in Safari, as well as WebKit, an engine that allows web browsers to render on web pages, and Color Sync, a graphics utility.

One of the numerous Safari flaws could allow an attacker to obfuscate a maliciously crafted URL, making phishing attacks more effective, Apple said in its advisory. Additionally, due to a flaw in WebKit, dragging or pasting links or images from a maliciously crafted website could result in files being sent from the user's system to a remote server.

Many of the vulnerabilities could be exploited with no user interaction, according to researchers at Mac security vendor Intego.

“The wide variety of possible vulnerabilities ... is a sobering reminder that one of the main vectors of security threats today is the web,” a blog post from Intego said. “Often the 'maliciously crafted websites' are hacked to include links that will exploit vulnerabilities; it's not even the user who has to go into the dark alleys of the internet to get hit."

Overall, the vulnerabilities could allow attackers to execute arbitrary code, cause a denial-of-service, obtain sensitive information, or conduct cross-site scripting attacks, according to an advisory issued by US-CERT. Safari users are being advised to update to either Safari 5 or 4.1.

Safari 5 also includes a number of new, nonsecurity features including Safari Reader, which formats multipage online articles into a single page for easier viewing. Other new features include improved performance for faster web browsing, additional support for HTML5 features, and a built-in Bing search engine bar.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
5 closes dozens holes issued newly of safari security
In Partnership With

Most Read Articles

Telstra towers over rivals in war for NBN power

Telstra towers over rivals in war for NBN power
NSW transit officers can't check credit card tap-ons

NSW transit officers can't check credit card tap-ons
ANZ digital chief Maile Carnegie frets over human obsolescence

ANZ digital chief Maile Carnegie frets over human obsolescence
Linus Torvalds apologises for 'hurtful' behavior, takes a break

Linus Torvalds apologises for 'hurtful' behavior, takes a break
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report

Events

Log In

Username / Email:
Password:
  |  Forgot your password?