Apple updates Safari for security

A security update from Apple fixes multiple security holes in Safari, but a lack of transparency makes it hard to judge how severe the threats are.

Apple released a security update for its Safari Web browser on Wednesday. Available for Windows and Mac, Safari 4.0.4 plugs what sound like moderate to severe security holes. Unlike competitors Internet Explorer, Firefox, and Chrome, Apple doesn't rate the severity of its security fixes.

The security fixes address a wide range of problem points. On both Windows and Mac, parsing maliciously written XML content could have led to a browser crash, using shortcut menu options within a maliciously created Web site could have led to the disclosure of local information, and visiting a maliciously built Web site could have resulted in unexpected actions on other opened Web sites.

For Windows only, viewing a maliciously made image with an embedded color profile that could lead to a browser crash or running arbitrary code is no longer a threat, nor is accessing a maliciously crafted FTP server, which could have led to an unexpected crash, information disclosure, or arbitrary code execution. For Mac only, an exploit that could have allowed e-mail to remotely load audio and video content when loading a remote image has been disabled.

Although it's good practice to update a program whenever a security fix has been released, more transparency from Apple on the matter would pull the company up to competitors' standards.

Click here to read the full changelog for Safari 4.0.4.