Security News

Apple recently issued security updates to its web browser for Mountain Lion, Mavericks, and Yosemite, releasing Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1. These updates address multiple WebKit flaws.

The new Safari versions are available for: Mac OS X 10.8.5, Mac OS X 10.9.5, and Mac OS X 10.10.1.

Apple’s Safari 8.0.1, Safari 7.1.1 and Safari 6.2.1 mitigate the following vulnerabilities:

• CVE-2014-4465 : Style sheets are loaded cross-origin which may allow for data exfiltration. An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs.
• CVE-2014-1748 : Visiting a website that frames malicious content may lead to UI spoofing. A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking.
• CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

Mac users can install the updated Safari web browser by choosing Apple menu > Software Update (if prompted, enter an admin password), or the updates may be obtained from the Mac App Store.