Safari: Closes Security Holes with version 5.1.4
Safari: Closes 80 Security Holes with version 5.1.4
Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes includes various stability and performance improvements as well as fixes for other non-security related bugs.
A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.
The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this though are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.
On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.
More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html
- Apple patches steaming heap of Safari bugs (go.theregister.com)
- Apple patches record number of Safari 5 bugs with monster update (infoworld.com)
- Apple releases Safari 5.1.4 update (applescoop.com)
- Apple Releases Safari 5.1.4 With Speed And Stability Improvements (cultofmac.com)