Apple squashes WebKit bugs in latest Safari update

Three critical vulnerabilities in OS X web browser now plugged

Apple has solved three critical bugs affecting its Safari browser for OSX Mountain Lion, Mavericks and Yosemite.

In its latest browser update, Apple's closed security loopholes that allowed cyber criminals to steal user data and carry out remote code executions.

The patches in Safari 8.0.6, 6.2.6 and 7.1.6 for Yosemite, Mavericks and Mountain Lion respectively, all deal with vulnerabilities in WebKit, the open source software that powers both Safari and Google Chrome.

The first patch deals with three memory corruption issues (CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154) that all allowed arbitrary code execution or unexpected application termination if a user visited a malicious website.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The second patch targets a vulnerability specifically located in WebKit History that could allow malicious actors to access contents on the filesystem through an unspecified state management issue (CVE-2015-1155).

Once again, the bug would be exploited when users visited compromised or specially crafted website targeted towards that vulnerability, but this time could lead to user information being compromised.

The third and final patch addresses what appears to be a phishing vulnerability (CVE-2015-1156).

On its support page announcing the updates, Apple said the bug could be exploited by a user clicking a link that led to a malicious website, which could lead to interface spoofing.

Full details of the nature of the vulnerabilities have not yet been made available. However, as the bug fixes have just been released it is likely this information will be made available through CVE databases in the coming week or so.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/business-strategy/33311/apple-launches-new-tv-gaming-and-finance-services
Business strategy

Apple launches new TV, gaming and finance services

25 Mar 2019
Visit/hardware/33929/jony-ive-a-retrospective
Hardware

Jony Ive: A retrospective

29 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/hardware/34606/apple-ipad-102in-2019-review-the-ipad-grows-up
Hardware

Apple iPad 10.2in (2019) review: The iPad grows up

10 Oct 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019