News - Security Issues

Apple issues week's second patch set, fixes 7 Safari flaws

Apple issued its second security update in three days, patching seven vulnerabilities in Safari, including one in the Windows version that the company fixed two months ago for most Mac users. Earlier in the week, Apple pushed out a massive patch to address nearly 60 vulnerabilities affecting Mac OS X.

Of the seven holes that Safari 4.0.4 plugs, six apply to the little-used Windows version of the browser, six affect Tiger, but just three impact Mac OS X 10.5 and 10.6, Leopard and Snow Leopard, respectively.

Only two of the vulnerabilities were accompanied by Apple's "may result in arbitrary code execution" phrasing, its way of noting that the bugs are serious and if exploited, could let attackers hijack a machine. Both of those critical vulnerabilities affect the Windows edition of Safari only.

Safari 4.0.4 for Windows or Mac can be downloaded from Apple's site. Current users of the browser can obtain the new version by running Software Update on the Mac or the bundled Apple Software Update on Windows.