Safari update cages numerous security bugs
Code inject and info flaws fixed
Apple published an update of its Safari browser on Thursday that plugs 16 security vulnerabilities.
Safari 4.0.5, available for Mac OS X and Windows, fixes a slew of critical code injection and information disclosure bugs. Unpatched Windows boxes running Safari are more exposed than their Mac counterparts by flaws that mean surfers who stray onto malicious sites might be exposed to drive-by malware-style attacks. Several critical bugs in the WebKit engine powering Safari mean that all flavours of the browser need a re-tune.
Vulnerable Safari components include ColorSync, ImageIO and the WebKit engine, as explained in Apple's advisory here. ®