Security News

Apple Releases Safari 6.2 and Safari 7.1 for Mac with Security Fixes

Posted on September 18th, 2014 by

Safari browser security updates

Apple has issued updates to its web browser for Mountain Lion and Mavericks, releasing Safari 6.2 and Safari 7.1 to address multiple vulnerabilities. These updates are available for Mac OS X 10.8.5 and Mac OS X 10.9.5.

The Safari 6.2 and Safari 7.1 updates address the following vulnerabilities:

  • CVE-2014-4363 : An attacker with a privileged network position may intercept user credentials. Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains.
  • CVE-2013-6663, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-2014-4409 : A malicious website may be able to track users even when private browsing is enabled. A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode.

Mountain Lion and Mavericks users can install Safari 6.2 and Safari 7.1 by choosing Apple menu > Software Update (if prompted, enter an admin password), or for more information you can head over to Apple’s Safari Support page at: http://www.apple.com/support/mac-apps/safari/

  • Trane Francks

    The obvious problem that I see with this security release is that Lion and Mountain Lion shared the same browser up until 6.1.6. While the 6.2 release fixes a number of vulnerabilities for Mountain Lion, one presumes that Lion users are still vulnerable.

    Joy.