Safari Update Fixes Security Flaws
Posted by Derek Erwin
Two security vulnerabilities in Safari are being addressed in an update of the browser software released by Apple earlier today. This update coincides with Apple’s iOS 6.0.1 software update, which addressed multiple security problems. The 48.5 MB update to Safari 6.0.2 is available for OS X Lion and OS X Mountain Lion, and is recommended as it fixes security flaws in the software.
One of the flaws addressed in Safari 6.0.2, CVE-2012-5112, is a use-after-free vulnerability in the SVG implementation in WebKit that allows remote attackers to execute arbitrary code “via unspecified vectors.” The other flaw, CVE-2012-3748, could lead to an unexpected application termination or arbitrary code execution if a user stumbled upon a maliciously crafted website. Apple described it as “A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.”
Mac users can update Safari by choosing Software Update from the Apple menu (if prompted, enter an admin name and password).