Apple has released Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 for Mountain Lion, Mavericks, and Yosemite. These updates address multiple WebKit flaws—a combined 17 vulnerabilities (CVEs)—including a user interface inconsistency bug that existed in Safari, which may prevent users from discerning a phishing attack.
The new Safari web browser is available for: OS X Mountain Lion 10.8.5, OS X Mavericks 10.9.5, and OS X Yosemite 10.10.2.
Apple’s Safari security updates patch the following vulnerabilities:
- CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083 : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
- CVE-2015-1084 : Inconsistent user interface may prevent users from discerning a phishing attack. A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL. This issue was addressed through improved user interface consistency checks.
Mac users can install the updated Safari web browser by choosing Apple menu > Software Update (if prompted, enter an admin password), or the updates may be obtained from the Mac App Store.