Apple yesterday released a huge Safari update that fixes 16 vulnerabilities – six for Windows versions and ten for Mac OS X and Windows. The update, Safari 4.0.5, makes fixes in Tiger, Leopard, Snow Leopard and Windows versions.
This is probably pretty significant. In November, the TheInquirer.net of the UK carried a piece about browser vulnerabilities that rated Firefox and Safari as the ones with the most vulnerabilities:
— Firefox 44 percent of total browser vulnerabilities
— Safari 35 percent
— Internet Explorer 15 percent
— Opera six percent
Story here: “Most web apps are broken.”
The 4.0.5 update fixes problems in ColorSync, ImageIO, PubSub, Safari and Web Kit, many of which could allow the execution of malicious code.
The last major update, Snow Leopard (Mac OS X 10.6.2) , came out in November. Apple distributed a beta version of Mac OS X 10.6.3 to its development community last week.
Vulnerabilities fixed included:
ImageIO (CVE-2009-2285, CVE-2010-0041, CVE-2010-0042 and CVE-2010-0043)
WebKit (CVE-2010-0046 , CVE-2010-0047, CVE-ID: CVE-2010-0048 , CVE-2010-0049 , CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053 and CVE-2010-0054)
Apple Support statement here.