Apple patches critical Safari holes

Summary: Multiple vulnerabilities that could allow a hacker to take control of a machine exist in the Safari web browser, Apple has said


Apple has made patches available for a number of critical security holes in its Safari web browser.

Apple published an advisory on Wednesday that dealt with multiple security vulnerabilities in Safari for Windows and for Mac, fixing them in Safari 5.1 and 5.06.

The advisory addressed at least 23 issues in Safari, and around 58 vulnerabilities. The holes mainly affect desktop Macs running Windows 7, Vista, XP SP2 or later. Flaws included cross-site scripting holes, and buffer and integer overflows that could lead to a hacker gaining control of the system. Two of the Safari issues affected Mac OS X and Mac OS X Server.

Flaws include multiple memory corruption issues in the WebKit browser engine. These could lead to arbitrary code execution if a user visits a maliciously crafted website, Apple warned.

US CERT recommended that IT professionals look at the advisory and "apply any necessary updates to help mitigate the risks."

Safari 5.1 also has a Privacy Pane that lets users manage data such as Flash cookies.

On Wednesday, Apple released OS X Lion, which contained a number of new security features. One of the security features was full address space layout randomisation (ASLR), which randomly arranges key data areas and makes it very hard for malware to know where in memory to install itself.

Safari 5.1 supports sandboxing in OS X Lion, a feature that quarantines websites to stop those that try to access a user's system.



Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.
