Apple plugs staggering number of holes in Safari browser | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has released an update to its Safari browser, version 6, that plugs 121 security holes, most of which involve the WebKit rendering engine.

 

The Safari update fixes a staggering 121 vulnerabilities, 117 of those flaws in WebKit, a browser engine designed to render HTML webpages. Most of the WebKit vulnerabilities could result in an unexpected application termination or arbitrary code execution if the user visits a maliciously created website, according to the security update.

 

Apple also patched two issues with the handling of feed:// URLs – one is a cross-site scripting vulnerability that could be exploited if a user visited a maliciously crafted site, and the other is an access control issue that could be exploited to send files from a user’s system to a remote server.

 

Another Safari fix resolves a problem in which passwords may autocomplete even when the site specifies that autocomplete should be disabled.

 

Read more:

http://www.infosecurity-magazine.com/view/27219/apple-plugs-staggering-number-of-holes-in-safari-browser/?utm_source=twitterfeed&utm_medium=twitter