Wednesday, May 21, 2014, 02:02 pm PT (05:02 pm ET)
Apple issues Safari 7.0.4 and 6.1.4 updates to fix WebKit vulnerabilitiesApple on Wednesday released new versions of Safari for OS X 10.9 Mavericks and OS X 10.8 Mountain Lion, patching two bugs related to WebKit that could allow malicious sites to run code on a user's computer.
According to Apple, Safari 7.0.4 for OS X 10.9 Mavericks and Safari 6.1.4 for OS X 10.8 Mountain Lion both address a WebKit flaw in which arbitrary code could be executed on a host computer when visiting a malicious website. The same issue can also cause Safari to unexpectedly crash.
A second problem with WebKit's handling of unicode characters in URLs that allows a maliciously crafted URL to send out false postMessage origins, thus overcoming the receiver's origin check. The issues was resolved through enhanced encoding and decoding.
The latest Safari for OS X versions come a month and a half after the previous Safari 7.0.3 and 6.1.3 updates were released in early April. The older iterations brought granular control over push notifications and support for new top-level domain names like ".cab" and ".clothing."
Safari 7.0.4 and 6.1.4 can be downloaded for free via Software Update.
On Topic: Mac OS X
- Apple releases OS X Yosemite Public Beta 2, new iTunes 12 beta for testing
- Intuit releases redesigned Quicken 2015 for Mac, first new version in 7 years
- Apple releases Safari 7.1 and 6.2, OS X Server 3.2 betas to developers
- Apple updates pro-level video suite with fixes for Final Cut Pro X, Compressor and Motion
- Mailbox for Mac hits public beta, adds synced drafts and 'snooze to desktop' feature