Documentation reveals that WebKit was highly prone to remote code execution attacks

Jun 9, 2010 13:19 GMT

While Safari 5 (for Leopard, Snow Leopard and Windows) and Safari 4.1 (for Tiger) address the same set of security issues, the majority of the vulnerabilities documented by Apple affect WebKit, the open-source engine powering the browser. A total of 48 security holes have been plugged by the Mac maker, according to a knowledge base article posted on the Support section of Apple’s website.

Over at Apple’s Support area, tech note HT4196 details the security content of Safari 5.0 and Safari 4.1. Most of the addressed issues are serious, and, as noted above, most of them are in WebKit. A list of some of the most severe plugged holes can be found below, as described by Apple.

· ColorSync CVE-2009-1726 — A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.

· Safari CVE-2010-1384 — Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. These URLs are often used to confuse users, which can potentially aid phishing attacks.

· Safari CVE-2010-1385 — A use after free issue exists in Safari’s handling of PDF files. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

· Safari CVE-2010-1750 — A use after free issue exists in Safari’s management of windows. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

· WebKit CVE-2010-1392 — A use after free issue exists in WebKit’s rendering of HTML buttons. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

· WebKit CVE-2010-1119 — A use after free issue exists in WebKit’s handling of attribute manipulation. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

· WebKit CVE-2010-1422 — An implementation issue exists in WebKit’s handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase.
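The CVE-2010-1384 entry above describes the "userinfo" part of a URL (user:password@host), which lets a link such as a trusted-looking name followed by @ and the real host mislead a reader about where it points. The following is an added example, not code from the article or from Apple, showing how a link checker (for instance in a mail gateway or a content filter) can flag such URLs and report the host that will actually be contacted. It uses only the WHATWG URL parser built into Node.js and modern browsers; the sample links are constructed for illustration.

```javascript
// Added example: flag URLs that carry userinfo ("user:pass@host"), the construct
// CVE-2010-1384 describes as useful for confusing users. The WHATWG URL parser
// separates the userinfo from the host, so the effective host is easy to report.

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    // Unparseable input is reported rather than silently dropped.
    return { ok: false, reason: "unparseable", raw };
  }
  const hasUserinfo = url.username !== "" || url.password !== "";
  // A username that itself looks like a hostname (contains a dot) is the classic
  // deceptive form, e.g. "https://www.apple.com@example.net/".
  const looksLikeHost = /\./.test(url.username);
  return {
    ok: true,
    raw,
    effectiveHost: url.hostname,          // the server that will really be contacted
    userinfo: hasUserinfo ? decodeURIComponent(url.username) : null,
    suspicious: hasUserinfo,              // any embedded credentials are worth a look
    deceptive: hasUserinfo && looksLikeHost,
  };
}

// Return only the entries a reviewer needs to see: unparseable or carrying userinfo.
function triage(links) {
  return links.map(inspectUrl).filter((r) => !r.ok || r.suspicious);
}

// Constructed sample links (not taken from the article or from Apple's note).
const SAMPLE_LINKS = [
  "https://www.apple.com/support/",
  "https://www.apple.com@example.net/login",
  "http://user:secret@example.org/",
  "not a url",
];

for (const finding of triage(SAMPLE_LINKS)) {
  if (!finding.ok) {
    console.log(`UNPARSEABLE  ${finding.raw}`);
  } else {
    const tag = finding.deceptive ? "DECEPTIVE " : "USERINFO  ";
    console.log(`${tag} ${finding.raw} -> really contacts ${finding.effectiveHost}`);
  }
}
```

The point of reporting `effectiveHost` rather than just rejecting the link is that a reviewer sees exactly the mismatch the user would not: the text before the @ is credentials, not a destination.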
