New Safari updates for OS X and Windows fixes flaws

Apple's latest updates for the Safari browser fix some arbitrary code execution vulnerabilities that existed for both OS X and Windows versions.

Apple released Safari 5.0.2 today (and Safari 4.12 for OS X 10.4) to fix some security flaws and usability issues. The primary issues fixed by this update are:

  • A problem that prevents users from submitting Web forms
  • Google Image results that display incorrectly with  when Flash 10.1 is installed
  • A vulnerability that results when opening a file in a directory that is writable by other users, which  may lead to arbitrary code execution

According to GigaOm's Apple blog, the last one is Windows-only and is related to DLL load hijacking. The update "establishes an encrypted, authenticated connection to the Safari Extensions Gallery."

Other than browsing to the wrong site at the wrong time, these vulnerabilities didn't require user action to trigger arbitrary code execution threats.

By Selena Frye

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...