Apple is out with an update to its Safari web browser that aims to take the bite out of several vulnerabilities — as well as the potential for phishing attacks.
The Safari 3.2 update, available for both Windows and Mac versions of the browser, fixes at least 11 flaws, three of which are specific to its WebKit rendering engine. The flaws were found by a number of researchers including those from Apple itself as well as Google and even Microsoft.
The new update also adds an anti-phishing feature that’s intended to protect users from being lured into giving away their information on fraudulent sites.
One security flaw tackled in Safari 3.2 involves how the browser processes an XML document, through which an attacker could have potentially executed arbitrary code. According to Apple’s advisory, the vulnerability stems from a heap buffer overflow issue in the libxlst library (define).
The act of simply viewing a TIFF image (define) could lead to a user being exploited through another hole closed in the update. Apple credits Robert Swiecki of the Google Security Team for reporting the problem, through which viewing a maliciously crafted TIFF image could have lead to an unexpected crash or arbitrary code execution.
