Apple ships record 83 security fixes for Safari browser

Most of the fixes are for WebKit, the open-source browser engine that powers Safari and iTunes’ online store. In fact, many of the WebKit fixes are the same as those in the recent iOS 5.1 and iTunes 10.6 updates.

There were only two vulnerabilities not specific to WebKit. One was that the domain name support in Safari could be used to create a URL that contains look-alike characters. “These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check,” Apple explained in its security advisory.
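The advisory does not describe how Safari's improved check works. As an added illustration (not Apple's code), one common defensive heuristic for look-alike hostnames is to flag any label that mixes Unicode scripts and to display its ASCII (Punycode) form instead. The function names, script list and allowed CJK combinations below are assumptions, the sample hostnames are constructed, and the input is assumed to be the Unicode form of the hostname.

```javascript
// Added example: flag hostname labels that mix Unicode scripts.
// Script list, allowed mixes and function names are assumptions for this sketch.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Armenian', 'Hebrew', 'Arabic',
                 'Han', 'Hiragana', 'Katakana', 'Hangul'];
const SCRIPT_RE = SCRIPTS.map((name) => [name, new RegExp(`\\p{Script=${name}}`, 'u')]);

// Script combinations that occur in ordinary writing and are not treated as mixed.
const ALLOWED_MIXES = [
  ['Han', 'Hiragana', 'Katakana'], // Japanese
  ['Han', 'Hangul'],               // Korean
];

// Return the sorted list of scripts used by the letters of one label.
function labelScripts(label) {
  const found = new Set();
  for (const ch of label) {              // iterate by code point
    if (!/\p{L}/u.test(ch)) continue;    // digits and hyphens carry no script signal
    const hit = SCRIPT_RE.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : 'Other');
  }
  return [...found].sort();
}

// Check every label of a hostname and decide which form to show the user.
function checkHost(hostname) {
  const host = hostname.toLowerCase();
  const report = host.split('.').map((label) => {
    const scripts = labelScripts(label);
    const allowed = scripts.length <= 1 ||
      ALLOWED_MIXES.some((mix) => scripts.every((s) => mix.includes(s)));
    return { label, scripts, mixed: !allowed };
  });
  const suspicious = report.some((r) => r.mixed);
  // The WHATWG URL parser converts the host to its ASCII (Punycode) form.
  const ascii = new URL('http://' + host).hostname;
  return { suspicious, ascii, display: suspicious ? ascii : host, report };
}

// Constructed samples: plain ASCII, Latin with one Cyrillic letter (U+0430),
// a wholly Cyrillic label, and a Japanese label mixing three scripts.
const SAMPLES = ['example.com', 'ex\u0430mple.com', 'пример.example', '日本語のドメイン.jp'];
for (const h of SAMPLES) {
  const r = checkHost(h);
  console.log(r.suspicious ? 'FLAG' : 'ok  ', r.display);
}
```

A label written wholly in one non-Latin script is not flagged by this check, so a mixed-script test covers only part of the look-alike problem.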

The other was that web pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Safari’s private browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active, Apple said.

In addition to security fixes, Safari 5.1.4 includes a number of performance and stability enhancements. The update improves responsiveness when typing into the search field after changing network configurations or with an intermittent network connection; addresses an issue that could cause web pages to flash white when switching between Safari windows; addresses issues that prevent printing US Postal Service shipping labels and embedded PDFs; preserves links in PDFs saved from web pages; corrects the contents of context menus on web pages that are PDFs; fixes an issue that could cause the screen to dim while watching HTML5 video; improves stability, compatibility, and startup time when using extensions; and allows cookies set during regular browsing to be available after using private browsing.
