apple exploding security danger © Mila Supinskaya Shutterstock

Apple Patches Severe Safari Vulnerabilities

Apple patches 27 bugs in Safari that could have allowed hackers to target users via specially-crafted sites

On by Thomas Brewster 0

Tech titan Apple has confirmed patches for a long list of vulnerabilities in its Safari browser, which could have allowed attackers to gain system access on people’s Mac OS X machines.

Many of the flaws were resident in the WebKit browser engine that Safari uses, allowing an outsider to corrupt memory. Safari 6 and 7 are both affected.

Pwn2Own Safari problems fixed

Apple Safari LogoThe list of memory corruption flaws included vulnerabilities used to hack the software in the recent Pwn2Own hacking contest. Various Google researchers and exploit seller  VUPEN were credited for uncovering the problems.

“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” Apple said of the Webkit flaws, in its advisory.

A separate WebKit logic issue, identified by Ian Beer of Google Project Zero, was also patched. “An attacker running arbitrary code in the WebProcess may be able to read arbitrary files despite sandbox restrictions,” Apple warned.

A total of 27 flaws were fixed, across Mac OS X Mountain Lion and Mavericks operating systems. The Safari 7.0.3 and 6.1.3 updates will fix the issues.

It was only in February that Apple was forced to issue fixes across iOS and Mac OS X for a weakness in the operating systems’ handling of SSL encryption.

Are you a security expert? Try our quiz!

Thomas Brewster
Author: Thomas Brewster
Security Correspondent, TechWeekEurope
Thomas Brewster Thomas Brewster Thomas Brewster
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




0 replies to Apple Patches Severe Safari Vulnerabilities

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>