Safari updates tackle WebKit, Windows security holes
updated 09:30 am EDT, Wed September 8, 2010
Issues spread across Safari 4, 5
The latest maintenance updates for Safari 4 and 5 also address a handful of security vulnerabilities, Apple notes. Two of these are based in WebKit, the rendering engine at the core of the browser. One involves an input validation problem in the handling of floating point data, which could be used to trigger an exploit via a malicious website.
The other involves an issue with run-in styling, which could again allow for a web-based exploit. The one non-WebKit vulnerability fixed in the updates is, unusually for Safari, limited only to users of Windows 7, Vista or XP SP2. The flaw is linked to Windows Explorer, and involves exposing the location of a downloaded file, which could be used to launch a malicious app.
