Apple patches critical Safari holes

Summary: Multiple vulnerabilities that could allow a hacker to take control of a machine exist in the Safari web browser, Apple has said

Apple has made patches available for a number of critical security holes in its Safari web browser.

Apple published an advisory on Wednesday that dealt with multiple security vulnerabilities in Safari for Windows and for Mac, fixing them in Safari 5.1 and 5.06.

The advisory addressed at least 23 issues in Safari, and around 58 vulnerabilities. The holes mainly affect desktop Macs running Windows 7, Vista, XP SP2 or later. Flaws included cross-site scripting holes, and buffer and integer overflows that could lead to a hacker gaining control of the system. Two of the Safari issues affected Mac OS X and Mac OS X Server.

Flaws include multiple memory corruption issues in the WebKit browser engine. These could lead to arbitrary code execution if a user visits a maliciously crafted website, Apple warned.

US CERT recommended that IT professionals look at the advisory and "apply any necessary updates to help mitigate the risks."

Safari 5.1 also has a Privacy Pane that lets users manage data such as Flash cookies.

On Wednesday, Apple released OS X Lion, which contained a number of new security features. One of the security features was full address space layout randomisation (ASLR), which randomly arranges key data areas and makes it very hard for malware to know where in memory to install itself.

Safari 5.1 supports sandboxing in OS X Lion, a feature that quarantines websites to stop those that try to access a user's system.



About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
