Apple has released versions 5.0.3 and 4.1.3 of Safari, updates that address several security vulnerabilities in the WebKit-based browser. In total, the Safari updates fix 27 security holes in the browser's open source WebKit rendering engine, most of them rated as critical.
According to Apple, 23 of the vulnerabilities could allow an attacker to crash a victims browser or execute arbitrary code on a user's system. For an attack to be successful, a victim must first visit a specially crafted web page. Additional issues include exploits that could, for example, allow web sites to surreptitiously track users or allow malicious sites to disclose image data from another web site. Other changes include fixes for DNS pre-fetching and a bug that allowed some sites to spoof the address in the location bar or add arbitrary locations to the history.
The link for this article located at H Security is no longer available.