Apple on Thursday issued an updated version of its Safari browser to address several vulnerabilities that could allow an attacker to obtain sensitive information or carry out other malicious actions.
Safari 4.0.5 fixed 16 flaws, which computer security provider Secunia rated as “highly critical.” The vulnerabilities could also be exploited by an attacker to bypass security restrictions or compromise a user’s system, Secunia said.
A flaw in WebKit, an open-source application framework, could be exploited to disclose sensitive information, Apple said in its security notes. Visiting a maliciously crafted website may reveal the protected content on another website because of an issue with the way WebKit handles style sheet requests.
There were several other flaws in WebKit, which could lead to unexpected application termination or arbitrary code execution if a user views a maliciously crafted website. An issue that affects Windows 7, Vista and XP involving the way Safari handles URLs could also lead to arbitrary code execution.
The update also addressed issues in ColorSync, ImagelO, PubSub.
In addition to the security fixes, the update includes performance improvements for Top Sites, a feature in Safari that allows users to preview their most-visited websites. The updated browser also includes stability improvements for third-party plug-ins.
Safari hadn’t been updated since November. Last year, the browser received six updates.