New Safari updates for OS X and Windows fix flaws

Apple's latest updates for the Safari browser fix some arbitrary code execution vulnerabilities that existed in both the OS X and Windows versions.

Apple released Safari 5.0.2 today (and Safari 4.12 for OS X 10.4) to fix some security flaws and usability issues. The primary issues fixed by this update are:

  • A problem that prevents users from submitting Web forms
  • Google Image results that display incorrectly when Flash 10.1 is installed
  • A vulnerability that results when opening a file in a directory that is writable by other users, which may lead to arbitrary code execution

According to GigaOm's Apple blog, the last one is Windows-only and is related to DLL load hijacking. The update "establishes an encrypted, authenticated connection to the Safari Extensions Gallery."

Other than browsing to the wrong site at the wrong time, these vulnerabilities required no user action to trigger arbitrary code execution.