Apple swats 17 bugs on Safari

Webkit flaws in OS X could lead to arbitrary code execution in browser

Security flaw

Apple has put out new versions of its Safari web browser for OS X to fix a number of vulnerabilities that could enable hackers to run malicious code on a Mac. 

In a security advisory, Apple warned that 17 bugs affect Safari 8.0.4 for OS X 10.10 Yosemite, Safari 7.1.4 for OS X 10.9 Mavericks and Safari 6.2.4 for OS X 10.8 Mountain Lion.

The first patch fixes a number of memory corruption problems in WebKit that could lead to an unexpected application termination or arbitrary code execution. Apple said that these issues were addressed through improved memory handling. 

The second vulnerability concerned a user interface inconsistency in Safari itself that could prevent users from discerning a phishing attack. An attacker could misrepresent the URL in the browser, folling the user into thinking a website was genuine. Apple said this was fixed by improving  user interface consistency checks. 

Users can download the latest Safari versions 8.0.4, 7.1.4 and 6.2.4 for free through Software Update. 

Apple did not give any further detail on the bugs or whether they had been exploited by criminals. 

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," according to the website notice. 

The patches comes days after Apple was forced to roll out a number of security updates.

Apple, as well as Microsoft and Google, have had to rush up fixes caused by the FREAK vulnerability, discovered in March

The FREAK or Factoring Attack on RSA-EXPORT Keys flaw, is an SSL vulnerability that resulted from a ruling by the US government in the nineties that banned the export of strong encryption. 

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020