Apple Fixes Safari Browser Flaws
Apple plugged six security holes in its Safari browser recently, a number of which left users vulnerable to code execution by attackers. But the patches are not just limited to just Mac OS X users.Apple has issued a new round of patches to cover critical issues in its Safari browser. All totaled, Apple plugged six security holes. Three of them cover problems in the browser's Webkit engine, which also powers Google Chrome. Arguably the most serious of the Webkit issues is a buffer overflow vulnerability in the engine's parsing of floating point numbers. If a user visits a malicious Web page, an attacker can exploit the situation to execute code on the compromised system, Apple warned in the advisory.
In addition to the Webkit bugs, there is a fix for a flaw tied to the Top Sites feature Apple introduced in Safari 4.0. Designed to provide users with thumbnails of sites they frequently surf, the feature can be abused by attackers to lure users to rogue sites.