Apple on Thursday issued updates for its Safari Web browser to fix more than two dozen vulnerabilities that left the browser open to Web-based attacks.
The company released Safari versions 5.0.3 and 4.1.3 for Mac OS X and Windows XP SP2, Vista and Windows 7. The updated versions fix 27 reported vulnerabilities in Safari's WebKit component that made Safari users vulnerable to Web-based attacks that could crash the browser or, in a worst-case scenario, allow attackers to run their own malicious code on vulnerable systems.
Apple published a knowledge base article describing the updates to Safari. US-CERT issued an advisory on Friday suggesting that Safari users read the knowledge base article and apply the updates.
WebKit is used to render Web page content within browsers, including hyperlinking, browser history and so on. The component is native to Safari and is separately managed as an open source project that has been ported to other platforms as well. Vulnerabilities in WebKit have recently snagged other platforms, too, including Google’s Android mobile OS. Researcher MJ Keith of Alert Logic published code to exploit a known WebKit vulnerability in Android’s 2.0 and 2.1 operating systems. That hole has been fixed in the latest version of Android, 2.2, but only a minority of Android phones in use have upgraded to the latest version, according to Google data.