Multiple security holes patched on all platforms

Nov 14, 2008 07:58 GMT

Update: many users are reporting issues with the new Safari 3.2. If you do not depend on the security tweaks brought by the new release, it's probably best just to wait for a more stable version of the web browser to come out.

Apple has released a new version of its standard web browser, Safari. Version 3.2 adds phishing protection and better identification of online businesses, and addresses several security issues. Other fixes include improved JPEG and TIFF image handling.

Apple reveals that Safari 3.2, available for both Leopard and Tiger, as well as for Windows Vista or XP, “is recommended for all Safari users, and features protection from fraudulent phishing websites and better identification of online businesses. This update also includes the latest security updates,” Apple notes. The latter concern JPEG and TIFF image handling, preventing certain malicious files from closing the program or executing arbitrary code, as well as XML document processing, correcting a heap buffer overflow vulnerability. Bugs addressed on the Windows side include bounds checking and zlib 1.2.2 issues.

Especially noteworthy is a fix for a problem that sometimes allowed form field information to be stored in the page cache, even if the autocomplete function was disabled. Apple learned that this would disclose sensitive information to a local console user, and describes the fix as follows.

“Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a local user. This update addresses the issue by properly clearing the form data. Credit to an anonymous researcher for reporting this issue,” Apple's support page reveals. The patch is available for Mac OS X v10.4.11, Mac OS X v10.5.5, and Windows XP or Vista.

To see the rest of the vulnerabilities addressed in Safari 3.2, view Apple's support page, which contains a document on the security content of Safari 3.2. To update your current version of the browser, either use the Software Update mechanism in Leopard / Tiger (Apple Menu -> Software Update), or download the standalone installer using the link below.

Download Safari 3.2 for Leopard / Tiger (Free)