Security Fixes for Apple Safari

Tuesday, May 27, 2014 @ 07:05 PM gHale


Apple released new versions of Safari for OS X 10.9 Mavericks and OS X 10.8 Mountain Lion, patching two bugs related to WebKit that could allow malicious sites to run code on a user’s computer.

According to Apple, Safari 7.0.4 for OS X 10.9 Mavericks and Safari 6.1.4 for OS X 10.8 Mountain Lion both address a WebKit flaw in which arbitrary code could execute on a host computer when visiting a malicious website. The same issue can also cause Safari to unexpectedly crash.

RELATED STORIES
Firefox 29 Includes 14 Security Fixes
Zero Day for Internet Explorer
Chrome Update Includes 31 Security Fixes
Security Fixes Highlight New Safari Release

A second problem with WebKit’s handling of unicode characters in URLs that allows a maliciously crafted URL to send out false postMessage origins, thus overcoming the receiver’s origin check. The issues ended up resolved through enhanced encoding and decoding.

The latest Safari for OS X versions come a month and a half after the previous Safari 7.0.3 and 6.1.3 updates released in early April. The older iterations brought granular control over push notifications and support for new top-level domain names like “.cab” and “.clothing.”



Leave a Reply

You must be logged in to post a comment.