Apple has issued security updates to Safari, updating its web browser to version 6.0.3. The 48.5 MB update to Safari 6.0.3 is available for OS X Lion v10.7.5 and OS X Mountain Lion v.10.8.2, and fixes a number of WebKit flaws and some cross-site scripting issues. The software update coincides with Apple’s released of OS X Mountain Lion v10.8.3 and Security Update 2013-001, which addressed multiple security problems and includes a malware removal tool.
Fixed in the Safari 6.0.3 update are a couple of use-after-free vulnerabilities, multiple memory corruption issues that existed in WebKit, a cross-site scripting issue that existed in the handling of frame elements, and a cross-site scripting issue that existed in the handling of content pasted from a different origin.
Following are details of the two use-after-free vulnerabilities resolved in this software update:
Also resolved in this update are 13 memory corruption flaws that existed in WebKit, which may lead to an unexpected application termination or arbitrary code execution if visiting a maliciously crafted website. Apple addressed these issues “through improved memory handling.”
Following are details of the WebKit flaws fixed in this update:
Additionally, a cross-site scripting issue was resolved in this update, which existed in the handling of frame elements and may impact users visiting a maliciously crafted website with a cross-site scripting attack. Apple addressed this problem “through improved origin tracking.”
Following are details of CVE-2012-2889:
Lastly, another cross-site scripting issue existed in the handling of content pasted from a different origin. “Copying and pasting content on a malicious website may lead to a cross-site scripting attack,” described Apple on the impact of this flaw. Apple addressed this problem “through additional validation of pasted content.”
Following are details of CVE-2013-0962:
Here at Intego, we always recommend updating your software regularly as it is an essential layer of security that helps protect your digital life. Mac users can install the latest updates by choosing Apple menu > Software Update (if prompted, enter an admin password).