Apple Fixes Safari in New OS Release

Friday, December 20, 2013 @ 03:12 PM gHale

Vulnerability fixes for the Safari browser are now within Apple’s latest Mavericks operating system (version 10.9.1).

Safari 7.0.1 released Monday, and the browser update addresses eight arbitrary code execution flaws, as well as a bug that could allow the disclosure of users’ credentials.

Password Leakage in Safari
Google Fixes Chrome Hole
Security Fixes for Firefox 25
Browser Security Warnings Effective

Arbitrary code execution vulnerabilities could lead to “unexpected application termination” or to malicious code executed by an attacker if a user visits an infected website, the company revealed.

Google’s Chrome security team disclosed three of the code execution flaws to Apple.

Exploit of the information disclosure bug in Safari (CVE-2013-5227) could end up leveraged through websites that utilize autofill, Apple said.

“Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame,” Apple said of the bug. “This issue was addressed through improved origin tracking.”

Leave a Reply

You must be logged in to post a comment.