Safari 5 packs dozens of security patches
One thing that hasn't quite made the headlines, however, is the fact that the new browser also comes with a lot of security patches. And we mean a lot: according to a Knowledge Base article from Apple, Safari 5.0 includes a whopping 48 security fixes.
Among the holes patched by the update are a handful or prominent ones, including a long-standing bug across many browsers that could allow users’ history to be compromised; Safari is the first major browser to fix that vulnerability. Apple also credit a number of patches to TippingPoint’s Zero Day Initiative, which sponsors the annual Pwn2Own security contest. This year Safari on both the Mac and iPhone were compromised by exploits—it appears that the holes allowing such exploits have now been closed.
The included updates seem to touch on many different areas of the application, though the majority appear to revolve around WebKit, Safari’s underlying HTML-rendering engine. This, at least in theory, could mean that those bugs might have affected other WebKit-based browsers like Chrome; in fact, the Common Vulnerabilities and Exposures List, a database of vulnerabilities maintained by MITRE and sponsored by the Department of Homeland Security, credits Google engineers with the discovery of several of the issues listed by Apple.
Concurrently with Safari 5, Apple has also released an update for Safari 4 incorporating many of the same patches. Both are available through Software Update or can be downloaded from the Safari section of the Apple Website.