Apple addresses multiple memory corruption issues in the browser's rendering engine

Jun 5, 2013 08:23 GMT

WebKit, the heart and soul of Apple’s Safari web browser, is the target of exploits more often than we’d like it to be. Luckily, Apple has a nice habit of patching these flaws with regular security releases.

Such is the case with Safari 6.0.5, a new version of Apple’s WebKit-based web browser which the company bundles with the latest version of the Mountain Lion operating system. For OS X Lion users, the patches are included in the latest (standalone) Security Update 2013-002.

Apple states in the Safari 6.0.5 security advisory that several memory corruption issues existed in WebKit, all of which have been addressed through improved memory handling.

The impact is described as follows: “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”

Other patched vulnerabilities in the new Safari include a cross-site scripting issue in the handling of iframes, another cross-site scripting issue in the handling of copied and pasted data in HTML documents, as well as a bug where XSS Auditor may rewrite URLs to prevent cross-site scripting attacks.