Apple published an update of its Safari browser on Thursday that plugs 16 security vulnerabilities.

Safari 4.0.5, available for Mac OS X and Windows, fixes a slew of critical code injection and information disclosure bugs. Unpatched Windows boxes running Safari are more exposed than their Mac counterparts by flaws that mean surfers who stray onto malicious sites might be exposed to drive-by malware-style attacks. Several critical bugs in the WebKit engine powering Safari mean that all flavours of the browser need a re-tune.

Vulnerable Safari components include ColorSync, ImageIO and the WebKit engine, as explained in Apple's advisory here. ®

Related stories

• Apple patches 13 bugs in OS X (25 August 2010)
• Code-execution bug found in Apple Safari (10 May 2010)
• Apple QuickTime update blocks media player bugs (1 April 2010)
• New Internet Explorer code-execution attacks go wild (9 March 2010)
• Firefox alpha dons Flash flak jacket (5 March 2010)
• Interview Opera's Jon Von Tetzchner on browser choice, the iphone and Google (1 March 2010)
• Microsoft spits out 'browser choice' update to appease EC antitrust probe (1 March 2010)
• Attack code for Firefox zero-day goes wild, says researcher (18 February 2010)
• Contest offers $100,000 for smartphone, browser hacks (16 February 2010)
• iPhone vulnerable to remote attack on SSL (2 February 2010)