Apple released Safari 5.0.2 today (and Safari 4.12 for OS X 10.4) to fix some security flaws and usability issues. The primary issues fixed by this update are:
- A problem that prevents users from submitting Web forms
- Google Image results that display incorrectly with when Flash 10.1 is installed
- A vulnerability that results when opening a file in a directory that is writable by other users, which may lead to arbitrary code execution
According to GigaOm’s Apple blog, the last one is Windows-only and is related to DLL load hijacking. The update “establishes an encrypted, authenticated connection to the Safari Extensions Gallery.”
Other than browsing to the wrong site at the wrong time, these vulnerabilities didn’t require user action to trigger arbitrary code execution threats.
