Mega Apple patch fixes iPhone, Safari, OS X bugs

Apple has released security updates for three of its most high-profile products, patchting 54 vulnerabilities in its iPhone software, Safari 3 beta browser, and the OS X operating system.

The first update in the iPhone's history addressed four flaws. The update include patches for two flaws for the embedded Safari browser that leaves users vulnerable to cross-site scripting attacks and remote code execution, which could lead to theft of confidential information.

Also fixed is a flaw in the WebKit component that could allow an attacker to use what the company calls "look-alike characters" in the URL bar to trick unwary users into visiting malicious web sites. The WebKit flaw is also patched in the Safari and OS X updates.

Unconfirmed reports have suggested that the update disables various hacks and cracks that allowed users to circumvent key parts of the activation process. Apple did return a phone call seeking confirmation of those reports.

The iPhone update is installed automatically when users insert their devices into the dock.

With 45 security updates, OS X received the vast majority of the security fixes. Apple reported that 11 of the flaws could lead to the execution of arbitrary code, which is typically considered the most severe type of security bug. Other flaws included cross site vulnerabilities, buffer overflows and privilege escalation.

The iChat and Preview applications were among the components that leave the user vulnerable to the remote execution of malicious code.

The update also addresses four flaws in WebCore, the system component used to render HTML files. If exploited, the WebCore flaws could allow an attacker to execute malicious java applets without the user's permission, or steal confidential information through a cross-site scripting attack.

Mac users and iPhone owners are not the only people affected by today's update. Apple also released an update for Safari that patches four vulnerabilities in the Windows XP and Vista versions of the web browser. Three of the patches also affect the Mac version.

The impact of the Safari vulnerabilities range from cross-site scripting flaws to remote code execution.