Apple posted an update to Safari that – amongst other fixes – patches 4 vulnerabilities in the Windows version and 2 in the OS X version of their flagship browser. One of the Windows issues – CVE-2007-2398 – is especially tricksy: “[the vulnerability allows] a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered.” The sad thing is that this was fixed in a previous beta but re-introduced. Sounds like Apple developers need some remedial lessons in secure coding practices.
Not much information on the firmware update, but Apple claims it fixes some stability issues, so fire up Software Update!
EFI Firmware Update Info – http://www.apple.com/support/downloads/macbookproefifirmwareupdate15.html and http://docs.info.apple.com/article.html?artnum=303364
Safari 3.1.1 Security Info – http://support.apple.com/kb/HT1467
If you experience any issues after installing either update or notice any improvements, drop a note in the comments.