Latest Safari update brings fixes for WebKit security flaws
Apple on Tuesday issued new versions of its Safari Web browser for OS X with fixes for two WebKit vulnerabilities that could allow maliciously crafted code to run on a target Mac.
According to release notes supplied with Safari 8.0.4 for OS X 10.10 Yosemite, Safari 7.1.4 for OS X 10.9 Mavericks and Safari 6.2.4 for OS X 10.8 Mountain Lion, the updates are meant to improve app stability and Web browsing security.
The first fix addresses multiple memory corruption issues in WebKit that may lead to unexpected application termination or arbitrary code execution when visiting a maliciously crafted website. Apple improved memory handling to patch the problem.
A second issue pertained to a user interface inconsistency in Safari itself. Prior to today's fix, which includes improved UI consistency checks, attackers could misrepresent a webpage's URL to mask a phishing attack.
Users can download the latest Safari versions 8.0.4, 7.1.4 and 6.2.4 for free through Software Update.