Security News

Apple Delivers Safari 5.1.10 for Snow Leopard with Bug Fixes

Posted on September 13th, 2013 by

Safari browser security updatesApple has issued updates to its web browser for Snow Leopard users, releasing Safari 5.1.10 to address two Safari vulnerabilities, CVE-2012-3748 and CVE-2013-0997. This update is available for Mac OS X 10.6.8 and Mac OS X Server 10.6.8.

The exploit CVE-2012-3748 has to do with a Safari vulnerability that was patched in November of 2012, and affects Apple iOS before 6.0.1 and Safari before 6.0.2. The exploit CVE-2013-0997 fixes a WebKit issue, as used in Apple iTunes before 11.0.3.

Apple provided the following information about the security content of Safari 5.1.10:

Vulnerabilities: CVE-2012-3748, CVE-2013-0997

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in JavaScriptCore’s JSArray::sort() method. These issues were addressed through additional bounds checking.

Snow Leopard users can install Safari 5.1.10 by choosing Apple menu > Software Update (if prompted, enter an admin password), or you can get it from Apple’s Safari download site at: http://support.apple.com/downloads/#safari