Apple Patches Multiple Safari Security Flaws

Apple released several Safari security updates for OS X Mountain Lion, Mavericks, and Yosemite last night.

The updates, including Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6, patch several vulnerabilities in Webkit, which is Safari’s browser engine.

The first flaw, which included multiple memory corruption issues, was discovered by Apple themselves, and could have allowed an attacker to use a malicious website to crash or hijack the computer.

The second flaw was discovered by Joe Vennix of Rapid7 Inc. working with HP’s Zero Day Initiative.  It was a state management issue that could allow unauthorized access to filesystem contents.

The third flaw, an issues with handling the rel attribute in anchor elements,  was discovered by Zachary Durber of Moodle.  This flaw could have allowed an attacker running a malicious website to spoof a user’s interface.
For  information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *