Feature high concentration of Windows patches

The Safari 5.1 and 5.0.6 updates released earlier today also close numerous security vulnerabilities, according to official release notes. Among these are one in Java that could result in "unexpected" text being displayed on various websites, and another in the Windows and Snow Leopard instances of AutoFill, through which hackers could steal information using non-visible form fields. Safari now shows all fields to be filled and requires consent.

Securing Windows appears to be a major emphasis of the v5.1 update. All of the fixes at least apply to the platform, and 13 of them are Windows-only, dealing with related holes in Safari components like Unicode, ColorSync, CoreGraphics and ImageIO.

For all supporting operating systems a litany of patches have been applied to Safari's underlying WebKit engine. These solve threats such as spoofed URLs, cross-site scripting attacks and malicious links in RSS feeds. Safari 5.1 is built into OS X Lion.

by MacNN Staff