Apple Releases Patch for Safari Security Flaws
The software engineers at Apple have been busy updating programs the past several days, including a bug stomping update to iOS 6 that's available to Developers (beta) and, more recently, tweaks to the Safari browser. Safari 6.0.2, available for OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.2, addresses a handful of JavaScript vulnerabilities.
"Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution," Apple disclosed in a support document regarding the security content of Safari 6.0.2.
The update is primarily intended to protect Safari users from drive-by download attacks, not only by addressing JavaScript issues, but also by closing a security hole in the SVG implementation of WebKit.
Apple credits Joost Pol and Daan Keuper of Certified Security working with HP TippingPoint's Zero Day Initiative for discovering the JavaScript vulnerabilities, and Pinkie Pie working with Google's Pwnium 2 contest for discovering the SVG flaw.
"Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution," Apple disclosed in a support document regarding the security content of Safari 6.0.2.
The update is primarily intended to protect Safari users from drive-by download attacks, not only by addressing JavaScript issues, but also by closing a security hole in the SVG implementation of WebKit.
Apple credits Joost Pol and Daan Keuper of Certified Security working with HP TippingPoint's Zero Day Initiative for discovering the JavaScript vulnerabilities, and Pinkie Pie working with Google's Pwnium 2 contest for discovering the SVG flaw.
