Apple has announced that it has fixed several security bugs in its web browser, Safari, and that Safari 3.1.2, the latest version, which includes the changes, is ready for download.
The main security threat that the new version addresses is a “carpet bomb” bug that allows malicious websites to download and execute files. The problem affects only Safari running on Windows XP or
Apple’s solution has been to change the default download folder to Documents when running on Windows XP, or Downloads when running on Windows Vista. In addition, all downloads will have to be approved by the user, who will be asked to click an OK/Cancel button every time the browser wants to download a file.
Another bug fixed in the latest release of the web browser is related to opening .bmp or .gif files. The problem occurred when a malicious file made it possible to read a region of memory that the program would normally have been denied access to.
Neither problem affects Safari users who run the web browser on Mac OS systems. The carpet bomb bug was previously reported to Apple, but until now the company has considered it to be an unimportant problem. The latest Safari release also fixes a vulnerability that appears when the program is used together with Internet Explorer 7, and a memory corruption vulnerability associated with JavaScript arrays.