Apple issues Safari 7.0.4 and 6.1.4 updates to fix WebKit vulnerabilities

Apple on Wednesday released new versions of Safari for OS X 10.9 Mavericks and OS X 10.8 Mountain Lion, patching two bugs related to WebKit that could allow malicious sites to run code on a user's computer.

According to Apple, Safari 7.0.4 for OS X 10.9 Mavericks and Safari 6.1.4 for OS X 10.8 Mountain Lion both address a WebKit flaw in which arbitrary code could be executed on a host computer when visiting a malicious website. The same issue can also cause Safari to unexpectedly crash.

A second problem involves WebKit's handling of Unicode characters in URLs, which allows a maliciously crafted URL to send out false postMessage origins, thus overcoming the receiver's origin check. The issue was resolved through enhanced encoding and decoding.
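The receiver-side origin check that the second fix protects can be written defensively, as in this added example (not code from Apple, WebKit or this article): it accepts a message only when `event.origin` is an exact allowlist match and is already in canonical ASCII serialized form. The allowlisted origins and the function names are assumptions made for illustration.

```javascript
// Added illustration; the origins and names below are constructed.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://xn--bcher-kva.example", // IDN host stored in its punycode (ASCII) form
]);

// A serialized origin is scheme://host[:port]: printable ASCII, no path or query.
function isCanonicalOrigin(origin) {
  if (typeof origin !== "string" || !/^[\x21-\x7e]+$/.test(origin)) return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return false; // not a URL at all, e.g. the opaque origin "null"
  }
  // Round trip: the parser's own serialization must equal the input exactly,
  // which rejects upper case, default ports, trailing slashes and paths.
  return parsed.origin === origin;
}

// Exact match only: no startsWith, endsWith, indexOf or regex on the origin.
function isTrustedOrigin(origin, trusted = TRUSTED_ORIGINS) {
  return isCanonicalOrigin(origin) && trusted.has(origin);
}

// Shape of a handler registered with window.addEventListener("message", ...).
function handleMessage(event, onAccept) {
  if (!event || !isTrustedOrigin(event.origin)) return false; // drop silently
  onAccept(event.data);
  return true;
}
```

A check like this still relies on the browser reporting the true origin, which is why the fix had to come from Safari itself.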

The latest Safari for OS X versions come a month and a half after the previous Safari 7.0.3 and 6.1.3 updates were released in early April. The older iterations brought granular control over push notifications and support for new top-level domain names like ".cab" and ".clothing."

Safari 7.0.4 and 6.1.4 can be downloaded for free via Software Update.



5 Comments

mpantone 18 Years · 2254 comments

The Safari 6.1.4 update (54.4MB) is also available for OS X 10.7 Lion.

magic_al 21 Years · 325 comments

Since Apple apparently doesn't do security updates for Mac OS X 10.6 Snow Leopard any more, is this flaw present in that version of WebKit or not?

blah64 18 Years · 989 comments

Quote:
Originally Posted by Magic_Al 
Since Apple apparently doesn't do security updates for Mac OS X 10.6 Snow Leopard any more, is this flaw present in that version of WebKit or not?

Great question. Can anyone answer this?? Actually, I don't remember what originally came with 10.6, perhaps it was Safari 4. But can anyone at least answer if the flaw is in the version just prior to what's being discussed, i.e. Safari 5 (of which I think 5.1.2 is the latest), which runs perfectly on 10.6. What manufacturers should do for stuff like this is have a page that you can load that shows whether you're vulnerable or not, like you sometimes see security researchers do.

haggar 18 Years · 1568 comments

In Safari 7, I use the Manage Website Settings to configure certain sites to block Flash player while setting the default to allow. But I occasionally find that sites which were set to Block have either changed to Allow, or have been removed from the list. Why is it doing this? Do I have to reconfigure the sites every time there is a Safari or Flash plugin update?

benjamin frost 11 Years · 7198 comments

Haven't updated Safari yet, but it's possible that it will be snappier.