Apple squashes WebKit bugs in latest Safari update
Three critical vulnerabilities in OS X web browser now plugged
Apple has solved three critical bugs affecting its Safari browser for OSX Mountain Lion, Mavericks and Yosemite.
In its latest browser update, Apple's closed security loopholes that allowed cyber criminals to steal user data and carry out remote code executions.
The patches in Safari 8.0.6, 6.2.6 and 7.1.6 for Yosemite, Mavericks and Mountain Lion respectively, all deal with vulnerabilities in WebKit, the open source software that powers both Safari and Google Chrome.
The first patch deals with three memory corruption issues (CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154) that all allowed arbitrary code execution or unexpected application termination if a user visited a malicious website.
The second patch targets a vulnerability specifically located in WebKit History that could allow malicious actors to access contents on the filesystem through an unspecified state management issue (CVE-2015-1155).
Once again, the bug would be exploited when users visited compromised or specially crafted website targeted towards that vulnerability, but this time could lead to user information being compromised.
The third and final patch addresses what appears to be a phishing vulnerability (CVE-2015-1156).
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
On its support page announcing the updates, Apple said the bug could be exploited by a user clicking a link that led to a malicious website, which could lead to interface spoofing.
Full details of the nature of the vulnerabilities have not yet been made available. However, as the bug fixes have just been released it is likely this information will be made available through CVE databases in the coming week or so.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.