Apple released Safari 5.0.5, which fixes two security flaws affecting WebKit, the HTML rendering framework. Both fixes correct issues whereby “visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”
The Safari update is for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later.
In addition, Apple issued security updates for Leopard, Leopard (Server), and Snow Leopard. Included in the updates is a fix focusing on fraudulent Comodo certificates. The fix prevents an attacker with a privileged network position from intercepting user credentials or other sensitive information.
“Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates”, Apple wrote.
The updates can be downloaded from Apple’s Support Website or via Software Update. Safari 5.0.5 ranges in size from 33.97MB for Windows to 52.59MB for Snow Leopard; the Leopard Security update comes in at 241.35MB, the Leopard Server update at 473.19MB, while the Snow Leopard Security Update is 4.43MB.