Apple squashes WebKit bugs in latest Safari update

Three critical vulnerabilities in OS X web browser now plugged

Apple has solved three critical bugs affecting its Safari browser for OSX Mountain Lion, Mavericks and Yosemite.

In its latest browser update, Apple's closed security loopholes that allowed cyber criminals to steal user data and carry out remote code executions.

The patches in Safari 8.0.6, 6.2.6 and 7.1.6 for Yosemite, Mavericks and Mountain Lion respectively, all deal with vulnerabilities in WebKit, the open source software that powers both Safari and Google Chrome.

The first patch deals with three memory corruption issues (CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154) that all allowed arbitrary code execution or unexpected application termination if a user visited a malicious website.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The second patch targets a vulnerability specifically located in WebKit History that could allow malicious actors to access contents on the filesystem through an unspecified state management issue (CVE-2015-1155).

Once again, the bug would be exploited when users visited compromised or specially crafted website targeted towards that vulnerability, but this time could lead to user information being compromised.

The third and final patch addresses what appears to be a phishing vulnerability (CVE-2015-1156).

On its support page announcing the updates, Apple said the bug could be exploited by a user clicking a link that led to a malicious website, which could lead to interface spoofing.

Full details of the nature of the vulnerabilities have not yet been made available. However, as the bug fixes have just been released it is likely this information will be made available through CVE databases in the coming week or so.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/business-strategy/33311/apple-launches-new-tv-gaming-and-finance-services
Business strategy

Apple launches new TV, gaming and finance services

25 Mar 2019
Visit/hardware/laptops/354509/apple-macbook-pro-16in-review-a-little-bigger-a-lot-better
Laptops

Apple MacBook Pro 16in review: A little bigger, a lot better

10 Jan 2020
Visit/mobile/23617/the-best-smartphones-to-buy
Mobile

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019
Visit/hardware/354336/the-it-pro-products-of-the-year-2019-all-the-years-best-hardware
Hardware

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020