Apple Safari 4.0.3. Is it a 'haphazard' security update?
Apple is updating its Safari web browser on both Mac and Windows platforms to version 4.0.3. The new browser release fixes at least 6 different security issues that could potentially expose users to risk.
The Safari 4.0.3 update follows a Mac OS X 10.5.8 update by a week, which has caused one security analyst to label Apple's software update process as occurring "...at a haphazard pace."
"This release makes the contrast between the security processes of Microsoft and Apple even more stark," Andrew Storms, director of security operations for nCircle, said in an e-mail sent to InternetNews.com. "Microsoft's release was planned, but Apple's updates seem to arrive at a haphazard pace."
Looking at the Safari 4.0.3 update itself, two of the fixed issues - one for ImageIO and one for CoreGraphics - are both malicious image issues for Windows users. Similar issues were fixed in Mac OS X 10.5.8 itself at an operating system level and not the browser level.
Additionally, Safari 4.0.3 includes three advisories for issues affecting its WebKit rendering engine. WebKit is a technology also used by Google Chrome and as such, I suspect that there is a level of what I will call 'developer diplomacy' that Apple needs to navigate in order not to expose other WebKit users to risk prematurely.