Security News

Apple has released Safari 6.1.6 and Safari 7.0.6 with security updates that address several vulnerabilities in the web browser. These updates patch 7 security bugs altogether, all of which are related to memory corruption issues in WebKit and may lead to arbitrary code execution.

Apple’s Safari web browser updates are available for OS X Lion 10.7.5, OS X Lion Server 10.7.5, OS X Mountain Lion 10.8.5, and OS X Mavericks 10.9.4.

The following vulnerabilities were fixed in the Safari updates:

CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues exited in WebKit. These issues were addressed through improved memory handling.

Mac users running OS X Lion systems can install the Safari 6.1.6 update by choosing Apple menu > Software Update (if prompted, enter an admin password). For users running OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.6 and Safari 6.1.6 may be obtained from the Mac App Store.