Security update for Safari leads Apple updates

Stephen Withers
Wednesday, 08 September 2010 10:01

Business IT - Security

Updates to Apple's Safari browser address a trio of security issues, one specific to Windows, as well as delivering compatibility improvements. The iWeb web page creation program has also been updated.

Apple has released version 5.0.2 of its Safari browser, removing three security vulnerabilities and addressing compatibility issues.

One of the vulnerabilities is specific to Windows. In previous versions of Safari, attempting to reveal the location of a downloaded file could lead to the execution of an application contained in the same directory. This occurred because Safari did not specify the full search path to Windows Explorer.

The other two issues apply to the Mac OS X and Windows versions of Safari.

Inadequate validation of floating-point values in WebKit (the engine that underpins Safari) could allow a malicious website to trigger a crash or execute arbitrary code.

A bug in the handling of elements with run-in styling (a CSS feature) could result in a crash or execution of arbitrary code.

Other changes to Safari, the iWeb update and a new version of TechTool Deluxe for AppleCare subscribers are described on page 2.