Apple fixes 27 Safari vulnerabilities

gallery

Apple has released new versions of its Safari browser, plugging 27 vulnerabilities in the process.

The Cupertino company discovered various flaws in its browser, albeit with some help from security professionals from the Google Chrome team, Microsoft and Trusteer, amongst others.

Only two flaws appear to have been found by Apple without help from outside experts.

The Safari 5.0.3 and Safari 4.1.3 releases for Mac OS X and Windows plug various vulnerabilities, all of them within the open source WebKit engine, which is also used by Google Chrome and Android.

“Two questions do come to mind though. One is whether these flaws exist in the version of Safari for the iPad/iPhone/iPod Touch. The other is why Apple is saving up 27 vulnerabilities into one release,” said Sophos senior security advisor Chester Wisniewski, in a blog.

“The previous update from Apple for Safari was in early September, and like Oracle's Java, I think it may be time for Apple to move to more frequent updates to keep Apple users safe.”

As for what dangers the vulnerabilities posed, one could allow websites to “surreptitiously track users,” Apple explained in an advisory.

Various other flaws may have allowed a maliciously crafted website to “lead to an unexpected application termination or arbitrary code execution.”

Earlier this month, Apple fixed more than 130 vulnerabilities in a Mac OS X update.

Many of the flaws could have been exploited by hackers if users did not upgrade.

Email to a friend

Print this page