Jump to content

Apple Patches WebKit Vulnerabilities in Safari

Recommended Posts

Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine.

Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said.

“These issues were addressed through improved memory handling,” Apple said in its advisory.

The advisory is sparse in other details on individual CVEs; Apple said that users visiting a website hosting an exploit could put the browser at risk to remote code execution or a crash.

A separate WebKit vulnerability affects the user interface and could open the door to phishing attacks.

“A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL,” Apple said. “This issue was addressed through improved user interface consistency checks.”

This is the second set of Apple patches in the last 10 days. The company took care of the FREAK vulnerability in iOS along with another vulnerability that would allow a hacker to remotely restart a user’s phone via a SMS message.

Apple iOS 8.2 also patched a vulnerability in the iCloud keychain function that was the result of several buffer overflows.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...