14 DAY TRIAL // Apple has released a new version of its Safari web browser for Mac and Windows, which includes improvements to the performance, stability, and security of the software. Available as a free download, Safari is the standard web browser that has been shipping with Apple’s operating system since the release of Mac OS X version 10.3 "Panther."
On the Downloads section of its website, Safari 4.0.4 is described as a recommended update for all users, as it includes performance improvements, stability enhancements, and better security. The new version delivers an improved JavaScript performance, an improved Full History Search performance for users with a large number of history items, as well as stability improvements for third-party plug-ins, the search field and Yahoo! Mail.
However, the most important part of the update is security, as Apple reveals in a Support document on its website. Talking about the security content of Safari 4.0.4, the Mac maker reveals that six vulnerabilities have been patched in Safari 4.0.4, most of which have been discovered by the company’s own developers. Two Windows-specific holes are listed in Support document HT3949.
Available for pretty much every platform and OS version ranging from Mac OS X v10.4.11 and XP to Mac OS X v10.6.2 and Vista, "an issue exists in Safari's handling of navigations initiated via the ‘Open Image in New Tab,’ ‘Open Image in New Window,’ or ‘Open Link in New Tab’ shortcut menu options," Apple says. "Using these options within a maliciously crafted website could load a local HTML file, leading to the disclosure of sensitive information. The issue is addressed by disabling the listed shortcut menu options when the target of a link is a local file," the company explains.
A Windows-only vuln, available for both XP and Vista, is described as follows: "An integer overflow exists in the handling of images with an embedded color profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution." The company behind the Mac operating system claims to have addressed this issue "by performing additional validation of color profiles." Apple notes that the flaw is not present on systems running Mac OS X v10.6 (Snow Leopard), and that Mac OS X 10.5.8 has already seen this issue addressed in Security Update 2009-005.