Apple Safari receives update with Lion release; 58 bugs fixed

Apple updates Safari browser to version 5.6 with the release of OS X 10.7 Lion; brings sandboxing to Safari to combat threat from ‘drive-by’ attacks.

Apple has updated its Safari browser to version 5.1 in a major upgrade that patches over 58 flaws. Several new features have also been added to the browser, including 'sandboxing'. Safari version 5.1 comes pre-bundled with Apple’s new operating system, OS X 10.7 or ‘Lion’, which was also released yesterday.

In all, 58 flaws were patched of which, 14 are Windows platform specific, one is OS X specific, and the remaining 44 impact both platforms. As many as 47 of the flaws may allow ‘arbitrary code execution’ on machines running Safari.

According to this support article, The update also patches bugs that could lead to disclosure of information and XSS vulnerabilities. Apple has refrained from disclosing or discussing the details of the vulnerabilities to prevent them being exploited before users have had a chance to upgrade to the latest versions.

WebKit, the open source browser engine that lies at Safari’s core was the component receiving most of the fixes. Apple cited ‘memory corruption issues’ in WebKit which may lead to ‘arbitrary code execution’ by merely visiting a maliciously crafted website.

In addition to the fixes, several new features have been added to Safari which includes ‘Reading list’, a feature that eliminates web ads from content saved for offline browsing. Safari 5 also boasts features which are available only on OS X Lion like multi-touch support, full-screen browsing and sandboxing.

The sandboxing feature will help thwart ‘drive-by’ attacks since any code executed within the browser will now be insulated from the rest of the operating system and application environment. This is the same mechanism used by Google’s Chrome browser, which also uses the WebKit engine.

Safari 5.1 runs on OS X 10.7 ‘Lion’ and OS X 10.6 ‘Snow Leopard’. Users of previous versions of OS X, OS X 10.5 or ‘Leopard’ must download Safari version 5.0.6. This is the second major update to Safari this year — the last being in March when over 60 bugs were patched.

Safari is available for download on the Apple website and also through Apple’s software update feature on both Windows and OS X, for existing users of Safari. More information on the update is available in this knowledgebase article.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Data breach incident management and recovery

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close