Safari 6.1.5 and Safari 7.0.5 Updates Address Security Bugs
Posted by Derek Erwin
Today, Apple released Safari 6.1.5 and Safari 7.0.5 updates to address multiple security bugs in its web browser. These updates patch 12 vulnerabilities altogether, 10 of which are related to arbitrary code execution.
Apple’s Safari browser updates are available for OS X Lion 10.7.5, OS X Lion Server 10.7.5, OS X Mountain Lion 10.8.5, and OS X Mavericks 10.9.3.
The following security bugs are addressed in the Safari updates:
- CVE-2014-1325, CVE-2014-1340, CVE-2014-1362, CVE-2014-1363, CVE-2014-1364, CVE-2014-1365, CVE-2014-1366, CVE-2014-1367, CVE-2014-1368, CVE-2014-1382: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
- CVE-2014-1369: Dragging a URL from a maliciously crafted website to another window could lead to the disclosure of local file content. Dragging a URL from a maliciously crafted website to another window could have allowed the malicious site to access a file:// URL. This issue was addressed through improved validation of dragged resources.
- CVE-2014-1345: A maliciously crafted website may be able to spoof its domain name in the address bar. A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs.
Mac users running OS X Lion systems can install the Safari 6.1.5 update by choosing Apple menu > Software Update (if prompted, enter an admin password). For users running OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5 and Safari 6.1.5, respectively, may be obtained from the Mac App Store.
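For administrators checking several Macs against these releases, the sketch below classifies reported Safari versions by the fixed release for their branch (6.1.5 or 7.0.5). It is an added example, not code from Apple or from this post; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Fixed release per Safari branch, taken from the post: 6.x -> 6.1.5, 7.x -> 7.0.5.

# ver_ge A B: succeed when dotted version A >= B, comparing fields numerically
# (so 6.1.10 is newer than 6.1.5, which a plain string comparison gets wrong).
ver_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        if [ "$va" = "$fa" ]; then va=; else va=${va#*.}; fi
        if [ "$vb" = "$fb" ]; then vb=; else vb=${vb#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# safari_status VERSION: print patched, vulnerable, not-covered or unknown.
safari_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.) echo unknown; return 0 ;;   # not a dotted number
    esac
    case ${1%%.*} in
        6) fixed=6.1.5 ;;
        7) fixed=7.0.5 ;;
        *) echo not-covered; return 0 ;;   # branch not mentioned in the post
    esac
    if ver_ge "$1" "$fixed"; then echo patched; else echo vulnerable; fi
}

# audit_inventory: read "hostname version" lines on stdin, print a status column.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s\t%s\t%s\n' "$host" "$ver" "$(safari_status "$ver")"
    done
}

# Constructed sample inventory. On a real Mac the version can be read with:
#   defaults read /Applications/Safari.app/Contents/Info CFBundleShortVersionString
audit_inventory <<'EOF'
mac-lion-01 6.1.4
mac-ml-02 6.1.5
mac-mav-03 7.0.4
mac-mav-04 7.0.5
mac-old-05 5.1.10
EOF
```

Hosts reported as `not-covered` run a Safari branch for which this post lists no fixed release, so they need a separate review.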