Apple Patches WebKit Vulnerabilities in Safari

Apple released new versions of Safari that patch a number of WebKit vulnerabilities.

Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine.

Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said.

“These issues were addressed through improved memory handling,” Apple said in its advisory.

The advisory is sparse in other details on individual CVEs; Apple said that users visiting a website hosting an exploit could put the browser at risk to remote code execution or a crash.

A separate WebKit vulnerability affects the user interface and could open the door to phishing attacks.

“A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL,” Apple said. “This issue was addressed through improved user interface consistency checks.”

This is the second set of Apple patches in the last 10 days. The company took care of the FREAK vulnerability in iOS along with another vulnerability that would allow a hacker to remotely restart a user’s phone via a SMS message.

Apple iOS 8.2 also patched a vulnerability in the iCloud keychain function that was the result of several buffer overflows.

Suggested articles