Apple released two software updates this week to fix six vulnerabilities in its browser and a single issue with the domain-name software included with Mac OS X.

The company's patch for its Safari Web browser includes fixes for six vulnerabilities in the Microsoft Windows version of the browser and four flaws in the version for Mac OS X. Three of the fixes for each platform involved the core HTML rendering software, known as WebKit, and could lead to information disclosure or exploitation of the user's system.

A vulnerability that affects both versions of the Safari browser could allow an attacker to insert a Web site into the Top Sites page, the company said.

"It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions," Apple said in its advisory. "This could be used to facilitate a phishing attack. This issue is addressed by preventing automated website visits from affecting the Top Sites list. Only websites that the user visits manually can be included in the Top Sites list."

The company also fixed an issue in the BIND domain-name service (DNS) server included with its operating system. The issue, announced by the BIND developer Internet Software Consortium in July, could allow an attacker to crash the name server's process, Apple said in its advisory.

Apple bundles the BIND domain-name service (DNS) server with both Mac OS X and Mac OS X server, but the software is not enabled by the default, according to the company's advisory.

If you have tips or insights on this topic, please contact SecurityFocus.