Apple patches 27 bugs in Safari that could have allowed hackers to target users via specially-crafted sites
Many of the flaws were resident in the WebKit browser engine that Safari uses, allowing an outsider to corrupt memory. Safari 6 and 7 are both affected.
Pwn2Own Safari problems fixed
The list of memory corruption flaws included vulnerabilities used to hack the software in the recent Pwn2Own hacking contest. Various Google researchers and exploit seller VUPEN were credited for uncovering the problems.
“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” Apple said of the Webkit flaws, in its advisory.
A separate WebKit logic issue, identified by Ian Beer of Google Project Zero, was also patched. “An attacker running arbitrary code in the WebProcess may be able to read arbitrary files despite sandbox restrictions,” Apple warned.
A total of 27 flaws were fixed, across Mac OS X Mountain Lion and Mavericks operating systems. The Safari 7.0.3 and 6.1.3 updates will fix the issues.
It was only in February that Apple was forced to issue fixes across iOS and Mac OS X for a weakness in the operating systems’ handling of SSL encryption.
Are you a security expert? Try our quiz!