Safari patches cover 57 vulnerabilities

Patching will leave you cross-eyed.

Apple issued an update for Safari yesterday to cover 57 security fixes.

The patches apply to versions 5.0.6 and 5.1. Of the 57 vulnerabilities, 46 could lead to remote code execution, four to information disclosure, three to the spoofing of addresses or content, three to cross-site scripting, and one to the mismanagement of SSL certificates.

The update also offers improvements and a few new features, including one called the Reading List that allows web pages to be stored and read later. The non-security-related features in the update are listed in Apple article HT4611.

“The sheer number of vulnerabilities being patched in Safari is mind boggling. Microsoft and Oracle definitely release big patches, but the fixes they ship generally apply to many different applications and operating systems,” said Andrew Storms, director of security operations at nCircle.

“This is a vast number of bugs for just Safari alone. There are so many code execution bugs alone I've gone cross-eyed.

“It's no surprise that Apple is updating Safari the same day that Lion is released. It's a little odd that they didn't also update QuickTime, since a new Apple OS usually ships with a bunch of security fixes for Apple applications.”

Apple released OS X Lion earlier this week, with an emphasis on application visibility and usability. New improvements include AirDrop, which allows files to be sent wirelessly, and an AutoSave option. Installing Lion removes the need for the separate Safari download, as the update is included in Lion.

Edy Almer, vice president of product management at Safend, said: “The introduction of the Mac OS X Lion has brought with it a number of new features. As with any significant software changes or upgrades, users should be cautious when updating systems, as the methods used to encrypt sensitive data may not fully transfer during the update and could leave users at risk of having unencrypted data or leaving files damaged.

“If users have encrypted any files, they could consider decrypting before running the upgrade process and then re-encrypting the files to ensure data remains fully secure.”

Google is believed to be working on a Lion-optimised version of its Chrome browser after user reports claimed that Chrome did not work well on the new OS X.

Mactrast.com reported that the update will likely bring increased support for Lion's gestures and enable new Lion features including physical 'swiping' between pages. It also claimed that a Lion update will mimic the new tendency to auto-hide scroll bars when you aren't actively using them and add an enhanced Full-Screen App mode based on Lion's new API.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition