Apple Fixes WebKit Vulnerability in Safari

Apple has issued a security update for its Safari web browser that fixes a WebKit vulnerability that could allow the execution of arbitrary code if a user visited a malicious website.

In its release notes for Safari versions 6.1.6 and 7.06, the company says the flaw was caused by “multiple memory compression issues” and has been resolved through improved memory handling.

Apple cites seven Common Vulnerabilities and Exposures IDs (CVE-IDs), five discovered by itself, one by Google’s Chrome Security team and another by an anonymous researcher. As well as executing code, the flaw also allows the termination of applications.

Apple Safari bug fixes

The update is available for Mac OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4.

In April, 27 bugs were fixed, many of which were also related to the WebKit browser engine that Safari uses. A number of these were also memory corruption flaws that could also have allowed attackers to gain access to people’s Mac OS X Machines.

Safari currently commands 5.16 percent of the desktop browser market, placing it in fourth position, behind Mozilla’s Firefox, Google Chrome and the various versions of Internet Explorer.

Mac OS X Yosemite is currently available as a beta, the first time a pre-release version has been made available to anyone other than developers. The final version is due to be released as a free update later this year via the Mac App Store.

Are you a security expert? Try our quiz!