Apple releases security update for Safari

Apple have released v4.0.3 of their web browser, Safari, largely to address a number of security issues affecting the browser on Windows Vista, Windows XP and Mac OS X. The Safari 4.0.3 update is available through Apple's Software Update system, or as a download for Mac OS X 10.4.11, 10.5.7 and 10.5.8, Mac OS X Server 10.4.11, 10.5.7 and 10.5.8, and Windows XP and Vista.

The update focuses on six problems, some of them critical. These include buffer overflows on XP and Vista that can cause crashes or arbitrary code execution, and a buffer overflow in WebKit that affects both Windows and Mac and could likewise lead to crashes or even malicious code execution.

The update also prevents malicious websites from being promoted into Safari's Top Sites page, the disclosure of sensitive information and the launching of file URLs, and it fixes the handling of look-alike characters in domain names.

This final problem is also known as a homograph spoofing attack, where phishers may replace a Latin character in a URL with one from, say, the Cyrillic alphabet that looks visually similar to the Latin character but is treated by a browser as an entirely different character. This enables phishers to register domain names that look similar to familiar brand names.
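
A defensive check for the look-alike problem described above, as an added example that is not from the article or from Apple's fix: it flags hostname labels that mix scripts and shows the ASCII (`xn--`) form that reveals the substitution. The hostnames are constructed samples, and deriving the script from the first word of the Unicode character name is an assumption made here because Python's standard library does not expose the Unicode Script property.

```python
import unicodedata


def label_scripts(label):
    """Return the scripts used by the letters of one DNS label.

    Heuristic (assumption): the first word of the Unicode character name
    (LATIN, CYRILLIC, GREEK, ...) stands in for the Script property.
    Digits and hyphens are ignored because they are shared by all scripts.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_hostname(host):
    """Report scripts, ASCII-compatible form and a verdict for each label."""
    report = []
    for label in host.lower().rstrip(".").split("."):
        if not label:
            continue  # skip empty labels such as in "a..b"
        scripts = label_scripts(label)
        if len(scripts) > 1:
            verdict = "mixed-script"   # e.g. Latin letters plus one Cyrillic
        elif scripts - {"LATIN"}:
            verdict = "non-latin"      # a single non-Latin script
        else:
            verdict = "latin"
        report.append({
            "label": label,
            "scripts": sorted(scripts),
            # The IDNA codec yields the xn-- form a resolver actually sees.
            "ace": label.encode("idna").decode("ascii"),
            "verdict": verdict,
        })
    return report


if __name__ == "__main__":
    # Constructed samples: U+0430 (Cyrillic a) replaces the Latin "a" in the
    # first host; the second label is written wholly in Cyrillic.
    samples = ["ex\u0430mple.test", "example.test",
               "\u043f\u0440\u0438\u043c\u0435\u0440.test"]
    for host in samples:
        for entry in inspect_hostname(host):
            print(f"{host!r}: {entry}")
```

A label written entirely in one non-Latin script is reported as `non-latin` rather than flagged, since that is how legitimate internationalised names look; only the mix of scripts within a single label is treated as suspicious here.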