Apple squashes WebKit bugs in latest Safari update

Three critical vulnerabilities in OS X web browser now plugged

Apple has solved three critical bugs affecting its Safari browser for OSX Mountain Lion, Mavericks and Yosemite.

In its latest browser update, Apple's closed security loopholes that allowed cyber criminals to steal user data and carry out remote code executions.

The patches in Safari 8.0.6, 6.2.6 and 7.1.6 for Yosemite, Mavericks and Mountain Lion respectively, all deal with vulnerabilities in WebKit, the open source software that powers both Safari and Google Chrome.

The first patch deals with three memory corruption issues (CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154) that all allowed arbitrary code execution or unexpected application termination if a user visited a malicious website.

The second patch targets a vulnerability specifically located in WebKit History that could allow malicious actors to access contents on the filesystem through an unspecified state management issue (CVE-2015-1155).

Once again, the bug would be exploited when users visited compromised or specially crafted website targeted towards that vulnerability, but this time could lead to user information being compromised.

The third and final patch addresses what appears to be a phishing vulnerability (CVE-2015-1156).

On its support page announcing the updates, Apple said the bug could be exploited by a user clicking a link that led to a malicious website, which could lead to interface spoofing.

Full details of the nature of the vulnerabilities have not yet been made available. However, as the bug fixes have just been released it is likely this information will be made available through CVE databases in the coming week or so.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Fortnite creator sues Google and Apple over app store cut
Mobile

Fortnite creator sues Google and Apple over app store cut

14 Aug 2020
Apple hit with $1.4 billion Siri patent infringement lawsuit
Policy & legislation

Apple hit with $1.4 billion Siri patent infringement lawsuit

3 Aug 2020
Apple acquires startup to turn iPhones into payment terminals
Technology

Apple acquires startup to turn iPhones into payment terminals

3 Aug 2020
Big tech CEOs grilled by House Judiciary Committee’s antitrust panel
Policy & legislation

Big tech CEOs grilled by House Judiciary Committee’s antitrust panel

30 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020