Site icon The Mac Security Blog

Safari 6.0.5 Update Fixes Multiple WebKit Flaws

Apple has updated Safari to version 6.0.5 with fixes for multiple WebKit flaws. The 48.9 MB update to Safari 6.0.5 improves stability for some websites with chat features and games, and contains security fixes for a number of WebKit flaws including memory corruption issues and cross-site scripting issues. The software update coincides with Apple’s release of Security Update 2013-002.

Apple’s Safari 6.0.5 update is available for OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.3. OS X Mountain Lion v10.8.4 includes the content of Safari 6.0.5.

The Safari update addressed multiple memory corruption issues that existed in WebKit. According to Apple’s description, the impact to users visiting a maliciously crafted website would lead to an unexpected termination or arbitrary code execution. These issues were addressed through improved memory handling.

CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1009, CVE-2013-1010, CVE-2013-1011, CVE-2013-1023

In addition to resolving the above CVEs, the Safari update addressed a cross-site scripting issue that existed in the handling of iframes (CVE-2013-1012). According to Apple’s description, the impact to users visiting a maliciously crafted website would lead to a cross-site scripting attack. The issue was addressed through improved origin tracking. Moreover, a cross-site scripting issue that existed in the handling of copied and pasted data in HTML documents (CVE-2013-0926) was addressed through additional validation of pasted content.

Lastly, Apple’s software update addressed an issue whereas following a maliciously crafted link could lead to unexpected behavior on the target site. Apple noted this issue “may lead to a malicious alteration of the behavior of a form submission” (CVE-2013-1013), and was addressed through improved validation of URLs.

Here at Intego, we routinely stress the importance of updating your software on a regular basis; it’s an essential layer of security that protects your digital life. By updating and closing old vulnerabilities, you’re decreasing the number of known problems that attackers can use to get at you. Mac users can install the latest Safari updates by choosing Apple menu > Software Update (if prompted, enter an admin password).

Share this: