Security News

Apple has issued updates to its web browser for Snow Leopard users, releasing Safari 5.1.10 to address two Safari vulnerabilities, CVE-2012-3748 and CVE-2013-0997. This update is available for Mac OS X 10.6.8 and Mac OS X Server 10.6.8.

The exploit CVE-2012-3748 has to do with a Safari vulnerability that was patched in November of 2012, and affects Apple iOS before 6.0.1 and Safari before 6.0.2. The exploit CVE-2013-0997 fixes a WebKit issue, as used in Apple iTunes before 11.0.3.

Apple provided the following information about the security content of Safari 5.1.10:

Vulnerabilities: CVE-2012-3748, CVE-2013-0997

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in JavaScriptCore’s JSArray::sort() method. These issues were addressed through additional bounds checking.

Snow Leopard users can install Safari 5.1.10 by choosing Apple menu > Software Update (if prompted, enter an admin password), or you can get it from Apple’s Safari download site at: http://support.apple.com/downloads/#safari