Safari 5.1.4 update patches slew of security vulnerabilities
The patch count was a record for Safari 5, which Apple released in June 2010, three months before launching OS X Snow Leopard.
Of the 83 vulnerabilities, Apple tacitly classified 72 as critical.
Although Apple does not formally rate vulnerabilities on a threat scale as Microsoft does, the phrase “may lead to … arbitrary code execution” in its security advisories describes the type of bugs that attackers could theoretically use to compromise a Mac and plant malware on the machine.
None of the vulnerabilities have been used in actual attacks, however.
Monday’s update easily beat Safari 5’s former record of 62 patches, set in March 2011. Apple issued other large collections for its browser last year, including a 58-patch upgrade in July and one of 43 in October.
Seventy-two of the 83 flaws were patched in WebKit, the open-source browser engine that powers both Safari and Google’s Chrome. Apple tagged them all as memory corruption bugs that could be triggered simply by visiting a malicious site.
More than half of the WebKit vulnerabilities were reported by Chrome’s security team or by independent researchers who submit bugs to Google’s bounty program.
The same WebKit vulnerabilities had been patched previously by Apple, both in the iOS mobile operating system with last Wednesday’s upgrade to version 5.1, and in iTunes 10.6, another update last week.
iTunes relies on WebKit to render its online store.
Because of Google’s persistence in rooting out vulnerabilities in WebKit, it was no surprise that many of the bugs Apple patched in Safari on Monday had been addressed by Google in Chrome months earlier.
Several flaws fixed in Safari 5.1.4, for instance, had been patched in September 2011, when Google upgraded its browser to version 14, and in a subsequent October 2011 update.
Besides the security patches, Apple also addressed a number of other performance, stability and compatibility issues.
Other bug fixes addressed screen dimming while watching HTML5 video, sluggish browser startup and flashing webpages when switching between Safari windows.
Safari can be downloaded from Apple’s website for Snow Leopard or Lion on a Mac, and for Windows XP, Vista and Windows 7 on a PC. Mac OS X users will be notified of the new version automatically, while Windows users already running Safari will be alerted by the Apple Software Update tool.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.