Apple has issued updates to its web browser for Mountain Lion and Mavericks, releasing Safari 6.2 and Safari 7.1 to address multiple vulnerabilities. These updates are available for Mac OS X 10.8.5 and Mac OS X 10.9.5.
The Safari 6.2 and Safari 7.1 updates address the following vulnerabilities:
- CVE-2014-4363 : An attacker with a privileged network position may intercept user credentials. Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains.
- CVE-2013-6663, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
- CVE-2014-4409 : A malicious website may be able to track users even when private browsing is enabled. A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode.
Mountain Lion and Mavericks users can install Safari 6.2 and Safari 7.1 by choosing Apple menu > Software Update (if prompted, enter an admin password). For more information, see Apple’s Safari Support page at: http://www.apple.com/support/mac-apps/safari/