(LiveHacking.Com) — Following the launch of OS X 10.7 (AKA Lion) which includes version 5.1 of Apple’s web browser Safari, Apple has released Safari 5.1 for Windows and OS X 10.6 and Safari 5.0.6 for OS X 10.5.
Safari 5.1 and 5.0.6 address multiple security vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site scripting attack, or disclose sensitive information.
Apple lists over 57 different CVE IDs in its security content of Safari 5.1 and Safari 5.0.6 advisory with web kit receiving the largest number of fixes.
Since other web browser like Google’s Chrome use web kit, Safari indirectly benefits from Google’s Chrome Security Award scheme. Names like Sergey Glazunov (a frequent winner under Google’s scheme) and Abhishek Arya (Inferno) of the Google Chrome Security Team are listed by Apple.
New security features in Safari 5.1 include
- Privacy Pane – Some websites you visit can leave data on your computer. The new Privacy pane in Safari preferences shows what kind of data websites are storing and lets you remove it. You can also customize cookie settings and choose whether websites can request your location information.
- Private AutoFill – Safari makes sure your information is kept private. Whenever you come across a web form, Safari automatically detects it and lets you choose to use AutoFill to complete the form with information from your Address Book. No information is ever added to a form automatically unless you say it’s OK.
- Sandboxing [OS X Lion only] – Sandboxing is a security feature that helps prevent websites from tampering with your computer. All the web content and applications you use in Safari on Lion are sandboxed, so websites can’t use exploits to access your system. If a website contains malicious code intended to capture personal data or take control of your computer, sandboxing automatically blocks it to keep your computer and your information safe.
Safari 5.1 is available for Mac OS X 10.6, Windows XP, Vista and Windows 7 and can be downloaded from http://www.apple.com/safari/