Apple has released an update to its Safari browser, version 6, that plugs 121 security holes, most of which involve the WebKit rendering engine.
The Safari update fixes a staggering 121 vulnerabilities, 117 of those flaws in WebKit, a browser engine designed to render HTML webpages. Most of the WebKit vulnerabilities could result in an unexpected application termination or arbitrary code execution if the user visits a maliciously created website, according to the security update.
Apple also patched two issues with the handling of feed:// URLs – one is a cross-site scripting vulnerability that could be exploited if a user visited a maliciously crafted site, and the other is an access control issue that could be exploited to send files from a user’s system to a remote server.
Another Safari fix resolves a problem in which passwords may autocomplete even when the site specifies that autocomplete should be disabled.