Apple has released software updates to Safari, updating its web browser to version 6.0.4. The 48.9 MB update to Safari 6.0.4 is available for OS X Lion v10.7.5 and OS X Mountain Lion v10.8.3. It improves user control over Java as well as addresses a WebKit flaw that allows remote attackers to execute arbitrary code by way of vectors that leverage “type confusion” (CVE-2013-0912). The software update coincides with Apple’s release of Java for OS X 2013-003 and Java for Mac OS X v10.6 Update 15.
With the new version 6.0.4, Apple’s Safari web browser now includes per-site Java enabling, which “allows users to enable the Java plug-in for Safari on a website-by-website basis,” as described in the update notice. Moreover, the update fixes a WebKit bug whereas visiting a maliciously crafted website may lead to unexpected application termination or arbitrary code execution.
Apple offered the following details of the WebKit vulnerability resolved in this software update:
- CVE-2013-0912 : An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.
It’s always a good idea to update your software regularly as it is an essential layer of security that helps protect your digital life. Mac users can install the latest updates by choosing Apple menu > Software Update (if prompted, enter an admin password).