Remember the discussion about a vulnerability in the AutoFill feature of the Safari Web Browser?

Well, Apple has updated Safari to version 5.01 to address that and a few other issues, and it is ready for download from the Apple Safari web page.


Now I did review this page and there is a lot of info on this page about a new feature called Safari Extensions that looks a little bit like Web Slices in Internet Explorer.

The one thing that was conspicuously absent from the Safari pages was any mention of the vulnerability with the AutoFill feature, or any mention that this update addressed that vulnerability or any others.

I had to go in search of that info to verify that the 5.01 update addresses that.  I found what I was looking for at the United States Computer Emergency Readiness Team or US-CERT:

Apple Releases Safari 5.0.1 and Safari 4.1.1

added July 28, 2010 at 01:35 pm

Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT4276 and apply any necessary updates to help mitigate the risks.

Well, if you click on that Apple support article link, you will see that the update actually addresses 15 issues with Safari and WebKit.

I still do not understand though. Why hide the fact that the update addresses the vulnerability? Couldn’t they have linked to the Apple support article from the Safari download page to make finding the information easier?

It also seems most of the major tech sites are only reporting the update as it relates to Safari Extensions, with no mention of the fix for the vulnerabilities.

Things that make you go Hmmmmm.