Apple fixes 27 Safari vulnerabilities

Safari

Apple has released new versions of its Safari browser, plugging 27 vulnerabilities in the process.

The Cupertino company discovered various flaws in its browser, albeit with some help from security professionals from the Google Chrome team, Microsoft and Trusteer, amongst others.

Only two flaws appear to have been found by Apple without help from outside experts.

The Safari 5.0.3 and Safari 4.1.3 releases for Mac OS X and Windows plug various vulnerabilities, all of them within the open source WebKit engine, which is also used by Google Chrome and Android.

"Two questions do come to mind though. One is whether these flaws exist in the version of Safari for the iPad/iPhone/iPod Touch. The other is why Apple is saving up 27 vulnerabilities into one release," said Sophos senior security advisor Chester Wisniewski, in a blog.

"The previous update from Apple for Safari was in early September, and like Oracle's Java, I think it may be time for Apple to move to more frequent updates to keep Apple users safe."

As for what dangers the vulnerabilities posed, one could allow websites to "surreptitiously track users," Apple explained in an advisory.

Various other flaws may have allowed a maliciously crafted website to "lead to an unexpected application termination or arbitrary code execution."

Earlier this month, Apple fixed more than 130 vulnerabilities in a Mac OS X update.

Many of the flaws could have been exploited by hackers if users did not upgrade.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.