Apple has released new versions of its Safari browser, plugging 27 vulnerabilities in the process.
The Cupertino company discovered various flaws in its browser, albeit with some help from security professionals from the Google Chrome team, Microsoft and Trusteer, amongst others.
Only two flaws appear to have been found by Apple without help from outside experts.
The Safari 5.0.3 and Safari 4.1.3 releases for Mac OS X and Windows plug various vulnerabilities, all of them within the open source WebKit engine, which is also used by Google Chrome and Android.
“Two questions do come to mind though. One is whether these flaws exist in the version of Safari for the iPad/iPhone/iPod Touch. The other is why Apple is saving up 27 vulnerabilities into one release,” said Sophos senior security advisor Chester Wisniewski, in a blog.
“The previous update from Apple for Safari was in early September, and like Oracle's Java, I think it may be time for Apple to move to more frequent updates to keep Apple users safe.”
As for what dangers the vulnerabilities posed, one could allow websites to “surreptitiously track users,” Apple explained in an advisory.
Various other flaws meant that visiting a maliciously crafted website may have “lead to an unexpected application termination or arbitrary code execution.”
Earlier this month, Apple fixed more than 130 vulnerabilities in a Mac OS X update.
Many of the flaws could have been exploited by hackers if users did not upgrade.
This article originally appeared at itpro.co.uk