Security News

Apple has released Safari 6.1.1 and Safari 7.0.1 with patches for 9 vulnerabilities to improve its web browser security. The Safari updates address an information disclosure bug and multiple memory corruption issues in WebKit.

Apple also released a system update to OS X Mavericks, updating to version 10.9.1.

Safari 6.1.1 and Safari 7.0.1 are available for OS X Lion 10.7.5, OS X Lion Server 10.7.5, OS X Mountain Lion 10.8.5, and OS X Mavericks 10.9. Apple’s OS X 10.9.1 update includes the security content of Safari 7.0.1.

The following vulnerabilities were fixed in Safari 6.1.1 and Safari 7.0.1:

• CVE-2013-5227 : User credentials may be disclosed to an unexpected site via autofill. Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.
• CVE-2013-2909, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

Mac users running OS X Lion systems can install the Safari 6.1.1 update by choosing Apple menu > Software Update (if prompted, enter an admin password). For users running OS X Mountain Lion systems, Safari 6.1.1 may be obtained from the Mac App Store. For users running OS X Mavericks systems, Safari 7.0.1 is included in OS X Mavericks 10.9.1.