Apple's latest updates for the Safari browser fix some arbitrary code execution vulnerabilities that existed for both OS X and Windows versions.
- A problem that prevents users from submitting Web forms
- Google Image results that display incorrectly with when Flash 10.1 is installed
- A vulnerability that results when opening a file in a directory that is writable by other users, which may lead to arbitrary code execution
According to GigaOm's Apple blog, the last one is Windows-only and is related to DLL load hijacking. The update "establishes an encrypted, authenticated connection to the Safari Extensions Gallery."
Other than browsing to the wrong site at the wrong time, these vulnerabilities didn't require user action to trigger arbitrary code execution threats.