Yesterday, Apple released Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 for Mountain Lion, Mavericks, and Yosemite. These updates address multiple memory corruption issues in WebKit, and coincide with Apple’s OS X 10.10.2 update, which includes Security Update 2015-001, and the release of Apple TV 7.0.3.
The new Safari web browser is available for: OS X Mountain Lion 10.8.5, OS X Mavericks 10.9.5, and OS X Yosemite 10.10.1.
Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 updates mitigate the following vulnerabilities:
- CVE-2014-3192: Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2014-4476, CVE-2014-4477, CVE-2014-4479: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
Mac users can install the updated Safari web browser by choosing Apple menu > Software Update (if prompted, enter an admin password), or the updates may be obtained from the Mac App Store.