Latest Safari update brings fixes for WebKit security flaws
AppleInsider Staff
Apple on Tuesday issued new versions of its Safari Web browser for OS X with fixes for two WebKit vulnerabilities that could allow maliciously crafted code to run on a target Mac.
According to release notes supplied with Safari 8.0.4 for OS X 10.10 Yosemite, Safari 7.1.4 for OS X 10.9 Mavericks and Safari 6.2.4 for OS X 10.8 Mountain Lion, the updates are meant to improve app stability and Web browsing security.
The first fix addresses multiple memory corruption issues in WebKit that may lead to unexpected application termination or arbitrary code execution when visiting a maliciously crafted website. Apple improved memory handling to patch the problem.
A second issue pertained to a user interface inconsistency in Safari itself. Prior to today's fix, which includes improved UI consistency checks, attackers could misrepresent a webpage's URL to mask a phishing attack.
Users can download the latest Safari versions 8.0.4, 7.1.4 and 6.2.4 for free through Software Update.
Andrew Orr
Marko Zivkovic
Wesley Hilliard
Malcolm Owen
Amber Neely
11 Comments
Awesome, already installing and rocking 8.0.4! Anyone know if this update also fixes the recently published issue of Safari remembering browsed sites whilst in Privacy mode?
Does not seem to. The "Date Modified" changes on the "WebpageIcons.db" when you open a window a New Private Window. I opened a couple different "Private Windows" and each time the "Date Modified" changed but the "Size" did not change. I don't know how to read the file so could not see what it modified.
I do wish that Apple would bundle these updates in with Yosemite rather than dripping them out.
I do wish that Apple would bundle these updates in with Yosemite rather than dripping them out.
And I'd rather get important security updates right away rather than waiting for larger OS update bundles.
no idea why they still wasting time on this - nobody cares about Safari anymore.