According to the accompanying advisory, a majority of the bugs -- eight out of the 11 in Windows, two of the four in Mac OS X -- were pegged with the phrase "arbitrary code execution," Apple's way of saying that the vulnerability is critical and could be exploited by hackers to hijack a PC or Mac.
Several of the Windows-specific vulnerabilities were due to poor handling of various image formats -- including those with .tif and .jpg file extensions -- by the browser, while others could be used to steal personal information or crash the computer.
Three of the bugs, all pertinent only to the Mac edition, were WebKit vulnerabilities that had been fixed previously by the open-source project's developers. Safari, like Google Inc.'s Chrome, uses the WebKit engine.
Of the three WebKit-related flaws, one was attributed to Billy Rios and Nitesh Dhanjani, researchers who work for Microsoft and Ernst & Young, respectively. Of the two, Dhanjani is probably better known; earlier this year, he disclosed the so-called "carpet bomb" threat to browsers in general, Safari in particular.
After first denying that the threat was a security issue, Apple did a turn-about and patched its browser in mid-June. Mozilla and Google soon followed suit.
Safari 3.2 can be downloaded from Apple's site, while existing installations can be updated using the browser's built-in update feature, or on Windows, by running the separate Apple Software Update utility.