Apple releases early fixes to OSX Lion's browser

Users of Apple Inc.'s newest operating system OS X Lion, take heed: Your shiny new OS may already have some chinks this early. Apple on Wednesday released an update to its Safari browser versions 5.0.6 and 5.1 - with version 5.1 included in Lion. "(The security content applies to) Safari 5.1 and Safari 5.0.6. Safari 5.1 is included with OS X Lion," Apple said in a Knowledge Base article. Lion was made available for download earlier this week. Apple claimed that more than one million users bought and downloaded it during the first 24 hours after its launch. Computer security firm Sophos noted the update to Safari addressed a whopping 57 common vulnerabilities and exposures (CVEs). "Note that even though the update came out after the official release of Lion, the brand-new 10.7 flavor of OS X needs this update too. So don't assume that you have the latest Safari because you have the very latest OS X. You don't," Sophos Asia Pacific head of technology Paul Ducklin said in a blog post. He noted the CVEs included:

• 46 might lead to remote code execution;
• four to information disclosure;
• three to the spoofing of addresses or content;
• three to cross-site scripting; and
• one to the mismanagement of SSL certificates.

Ducklin said the update also features improvements and new features, but said this should wake some Mac "fanboys" from the notion their OS is invulnerable. "Once again, to Mac fanbuoys (and gurls) who insist that Macs are vulnerable only to the sort of malware infection which relies on the user agreeing to a sequence of dubious-looking installation steps: look at all the entries in the list below labelled EXEC. These denote possible remote code execution vulnerabilities in the Safari product," he said. — TJD, GMA News