Apple rolls out updated Safari browser

Several issues with Apple’s Safari web browser have been addressed with version 4.0.5 of the application. Included among the fixes in this update are 16 security plugs affecting the browser on both Mac OS X and Windows platforms.

Of the 16 security updates included in this new version of Safari, 12 are patches for flaws that could lead to “unexpected application termination or arbitrary code execution”, as noted in a security bulletin from Apple. Some of the fixes are unique to Windows users, whereas others affect numerous versions of both Windows and Mac OS X operating systems.

“If you dilly-dally over updating your computer, it's possible that hackers could exploit the security bugs – including some that could mean that simply visiting a webpage with a maliciously crafted image could lead to malicious code being automatically run on your computer,” warned Sophos’ Graham Cluley in one of his recent security blog postings.

And, as Cluley pointed out, Windows users running the Safari application have been open to exploits for weeks, or even months.

“Interestingly, one of the bugs (CVE-2009-2285) fixed in Safari 4.0.5 was announced and patched in Mac OS X 10.6.2 back in December 2009, and in Mac OS X 10.5 since January, meaning that Windows users of Safari have been vulnerable for over two months to the way their browser handles booby-trapped TIFF images”, added Cluley.

As Cluley would appropriately go on to suggest, the OS one uses is irrelevant. The security holes exist, so there is no reason to delay updating the software.
