Along with the release of their new Lion OS X, Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical.
Fifty-eight security vulnerabilities in total are addressed in the update, including fixes for Java, Webkit and a flaw in the browser’s CFNetwork API that could enable cross-site scripting (XSS) attacks. Additional patches for the browser’s CoreGraphics and ImageIO framework are included the update that will prevent application termination or arbitrary code execution.
The full list of updates can be found at Apple’s support site.
In conjunction with the new OS, Apple has added some Lion-specific features to Safari including an Instapaper-like Reading List, full-screen browsing and multi-touch gestures. On the privacy front, Safari has enabled private autofill, allowing users to select how much of their contact information is saved, along with revamped cookie settings and sandboxing.
Apple’s Safari follows in the footsteps of Adobe’s Reader and Google’s Chrome browser, both of which have included sandboxing in recent builds in order to limit the effects of some browser-based attacks.
The latest stable release of Safari is included with Lion and is also available for download at Apple’s site. Those still running Apple’s Leopard OS can download Safari 5.0.6 here to fix an assortment of web applications, HTML5 and frame issues.