Apple Fixes Safari Holes

Thursday, March 19, 2015 @ 03:03 PM gHale


Apple fixed security holes with the release of Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4.

Sixteen memory corruption issues were in WebKit, the layout engine software component used by the browser for rendering web pages, according to a security advisory published by the company.

RELATED STORIES
Tool Cracks Apple Device Passwords
Android, iOS Apps Vulnerable to FREAK
Apple Gets the FREAK Out
Phishers Target Apple Device Theft Victims

Apple did not disclose the details of the vulnerabilities, but the company has noted that visiting a malicious website set up to exploit these flaws can lead to unexpected application termination or arbitrary code execution. The issues ended up fixed through improved memory handling, Apple said.

Another vulnerability identified in WebKit and fixed in the latest versions of Safari was a user interface inconsistency (CVE-2015-1084) where an attacker could leverage it to misrepresent the URL.

“Inconsistent user interface may prevent users from discerning a phishing attack,” Apple wrote in the advisory. That problem ended up fixed in Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 through improved user interface consistency checks.

Apple’s own security team discovered a majority of the issues, while one of the holes ended up found by the Google Chrome Security Team.



Leave a Reply

You must be logged in to post a comment.