Apple has released an update to its Safari browser, version 6, that plugs 121 security holes, most of which involve the WebKit rendering engine.
The Safari update fixes a staggering 121 vulnerabilities, 117 of those flaws in WebKit, a browser engine designed to render HTML webpages. Most of the WebKit vulnerabilities could result in an unexpected application termination or arbitrary code execution if the user visits a maliciously created website, according to the security update.
Apple also patched two issues with the handling of feed:// URLs – one is a cross-site scripting vulnerability that could be exploited if a user visited a maliciously crafted site, and the other is an access control issue that could be exploited to send files from a user’s system to a remote server.
Another Safari fix resolves a problem in which passwords may autocomplete even when the site specifies that autocomplete should be disabled.
Read more:
http://www.infosecurity-magazine.com/view/27219/apple-plugs-staggering-number-of-holes-in-safari-browser/?utm_source=twitterfeed&utm_medium=twitter
Learn more:
- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security