Patch/Configuration Management, Vulnerability Management

Apple updates Safari, fixes multiple bugs


Apple addressed multiple security vulnerabilities in its Safari browser on Wednesday with new updates.

The updated Safari versions include 8.0.6, Safari 7.1.6, and Safari 6.2.6, Apple wrote on its update page. The patched flaws impacted Apple's web browser engine WebKit, and in a few instances, could have allowed a malicious website to terminate an application or execute arbitrary code. This was addressed through improved memory handling.

A separate state management bug in the WebKit History could have allowed a malicious website to compromise user information in the filesystem and was fixed through improved state management.

The last patched bug, CVE-2015-1156, could have let a link leading to a malicious website lead to user interface spoofing. The issue existed in the handling of the ret attribute in anchor elements, Apple wrote, so target objects could get unauthorized access to link objects. Improved link type adherence fixed the flaw.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.