Apple on Thursday released Safari 3.2, with 11 security updates for Mac OS X and Windows, to close up multiple vulnerabilities, some of which could lead to remote code execution.
The updates are available for Windows XP or Vista, Mac OS X v10.4.11 and Mac OS X v10.5.5. Eight of the updates are specific to Safari and three are specific to WebKit, an open-source application framework.
The patched vulnerabilities could allow an attacker to execute arbitrary code, cause unexpected application termination, foster a denial-of-service condition or obtain sensitive information. The vulnerabilities can be exploited through a maliciously crafted JPEG or TIFF image, website or HTML page, Apple said in an advisory.
US-CERT, in an email alert Friday, said it encourages users to review Apple Article HT3298 and apply any necessary updates.
Safari version 3.2 also includes anti-phishing and anti-malware protection, which Apple calls “fraudulent site” protection; it displays an alert when a possible phishing site is detected, Mac security software company Intego said in a blog post Friday.
Users will be alerted to suspicious malware and phishing sites on Safari 3.2.
"It's a pretty big step for Apple to finally say loud and clear that yes, there are security issues we need to deal with," Intego spokesman Peter James told SCMagazineUS.com Friday. "Everyone's at risk for phishing, which is a pretty serious problem.”
Earlier this week, Apple issued an update to its iLife suite of multimedia software programs, correcting three vulnerabilities that could be exploited to crash an application or execute remote code.