Windows and Mac users asked to upgrade to Safari 4.0.5

Safari v4.0.5 reportedly fixes a number of security issues on the Windows and Mac OSX platform versions of its browser, and includes remediations for a total of 16 security vulnerabilities.

The new version has been welcomed by most quarters but, says Graham Cluley, senior technology consultant with Sophos, Safari users should update their browsers – regardless of platform – without delay.

"If you dilly-dally over updating your computer, it's possible that hackers could exploit the security bugs – including some that could mean that simply visiting a webpage with a maliciously crafted image could lead to malicious code being automatically run on your computer", he noted in his security blog.

According to Cluley, one of the bugs (CVE-2009-2285) fixed in Safari 4.0.5 was announced and patched in Mac OS X 10.6.2 back in December 2009, and in Mac OS X 10.5 since January.

This means, he says, that Windows users of Safari have been vulnerable for over two months in the way their browser handles booby-trapped TIFF images.

"But it doesn't matter whether you own a Mac or PC, if you run Safari the message is clear: It's time to update your browser and ensure that you are protected against hackers exploiting the security holes detailed in the security advisory on Apple's website", he said.

What’s Hot on Infosecurity Magazine?