toggle

AAPL Stock: 493.42 ( + 0.25 )

Safari 5, 4.1 updates fix massive 48 security flaws

updated 12:50 pm EDT, Tue June 8, 2010

Most corrected through WebKit upgrade


The Safari 5 and 4.1 for Tiger updates released yesterday together address at least 48 security vulnerabilities, according to Apple data. The large number of fixes is mostly attributable to work on WebKit, the rendering engine at the core of the browser. Some of the most critical issues remedied in this area include ones with HTML buttons and attribute manipulation, which could allow for hacking. A problem with keyboard focus could previously be used to trick people into triggering an unintended action, such as payment.

Amongst the holes closed outside of WebKit are use-after-free exploits associated with PDF files and windows, and potential phishing schemes involving usernames and passwords embedded into URLs. Images with embedded ColorSync profiles could be used to launch exploits.

The Safari updates are available for both Mac and Windows. For users of Mac OS X Tiger, v4.1 is the latest possible patch.




by MacNN Staff

print
email
(12)

TAGS :

 security, software, Safari, Apple

Related Articles

Recent Articles

toggle

Comments

  1. facebook_Chris

    Via Facebook

    Joined: Jun 2010

    +2
    06/08, 01:50pm | report spam | (1 reply) Reply |

    Reader

    I'm a Firefox guy generally but Reader does intrigue me. I've found it very convenient on a couple of article pages that I've look through so far.

  1. makesense

    Fresh-Faced Recruit

    Joined: Feb 2007

    +2
    06/08, 02:12pm | report spam | Reply |

    Video Problems

    Safari 5/Mac does not play videos for me (other than via Apple's web site). No youtube for example. No embedded Quicktime videos either. Safari 4 did, Firefox does.

  1. makesense

    Fresh-Faced Recruit

    Joined: Feb 2007

    +2
    06/08, 02:23pm | report spam | Reply |

    Video problem...maybe fixed

    Installed latest Flip for Mac plugin (2.3.3, was 2.3.2 when it I had video problems), and so far all is well.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    -8
    06/08, 02:24pm | report spam | Reply |

    Hmmm

    Where's all the ranting about more security vulnerabilities and unsafe programs? Oh, right, that's saved for the likes of Adobe. With Apple, we just applaud that they fixed a bunch of problems that we were never told existed. Hopefully the black hats didn't know about them either.....

  1. WiseWeasel

    Fresh-Faced Recruit

    Joined: Apr 1999

    +3
    06/08, 02:33pm | report spam | (1 reply) Reply |

    Sheesh

    Were they saving them up or something? Dunno how this makes me feel about having been using the apparently extremely vulnerable Safari 4 until now. It would be nice if they could get security updates out to us before they add up to 48.

  1. Mike Richardson

    Fresh-Faced Recruit

    Joined: Jun 2009

    +3
    06/08, 03:35pm | report spam | Reply |

    Safari 4.1 for Tiger

    If you read the feature changes for Safari 4.1 for Tiger, most of the Safari 5 changes are also present including the DNS prefetching and performance improvements. It's good to see Apple not entirely abandoning older Macs, which are still useful.

  1. elroth

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    06/08, 05:29pm | report spam | Reply |

    4.1 not good

    I tried updating my Tiger iMac to Safari 4.1, and the new Safari crashed every time I tried to open it (only Safari, not my computer). I removed SafariBlock and ClickToFlash (my only add-ons), and Safari still crashed immediately when opening.

    I had to go to my backup cloned drive to reinstall 4.0.5, which works fine.

    Not a good experience.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    -3
    06/08, 06:14pm | report spam | Reply |

    so...

    Safari 5 is good for XP, Vista, and 7, but Apple can't even spend the time to get it to work on Tiger?

  1. wrenchy

    Fresh-Faced Recruit

    Joined: Nov 2009

    -2
    06/08, 09:33pm | report spam | Reply |

    HEY?


    I thought sh*t "Just Works" with the Mac?

    With all the problems listed above.... I guess not.

  1. wrenchy

    Fresh-Faced Recruit

    Joined: Nov 2009

    -4
    06/08, 09:37pm | report spam | Reply |

    re:re: Sheesh


    >>Does it make you feel any better than not a single one of those vulnerabilities were exploited before Apple fixed them?


    Security through obscurity is the Apple motto... Just be lucky Apple decided to get off their a$$es and fix these vulnerabilities. Which is usually not the case. Something will happen, eventually.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News