Apple has released a new version of Safari that fixes seven security vulnerabilities, all of which are related to the WebKit framework in the browser.
The advisory from Apple is typically bare-bones, with almost no information about the vulnerabilities fixed in Safari 6.1.6 and 7.0.6. Apple said that all of the vulnerabilities in WebKit are memory corruption issues and that they all could be used for remote code execution.
“Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling,” the Apple advisory says. “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”
WebKit is the open source framework that underpins Safari, as well as several other applications on OS X, including Mail. The framework is also the bones of Google’s Chrome browser and WebKit is a frequent target for both attackers and security researchers. Google’s Chrome security team often discovers and reports vulnerabilities in the framework, and it’s rare to see a new version of either Chrome or Safari released without at least one WebKit vulnerability being fixed.
This is the second security update for Safari in the last few weeks. In July Apple issued a number of patches for the browser, all of which fixed vulnerabilities in WebKit.