Update fixes an issue that could block receipt of push notifications from websites

Apr 2, 2014 06:49 GMT  ·  By

Apple today offers two new versions of the Safari web browser for Mac users, adding improvements and fixes in several key areas of the software, including auto-fill, notifications, and sandboxing.

Safari 7.0.3 is offered for download on Mavericks computers, whereas Safari 6.1.3 goes onto Mountain Lion and Lion computers. Although the numbering differs, the updates are virtually identical in terms of what’s new.

Apple has addressed an issue that could cause the search and address field to load a webpage or send a search term before the return key is pressed, fixed an issue that could block receipt of push notifications from websites, and strengthened Safari sandboxing.

The Mac maker further improved credit card auto-fill, while adding support for webpages with generic top-level domains and a preference to turn off push notification prompts from websites.

Both updates also include a fair dose of security fixes, most of which stem from the recent Pwn2Own contest. According to Apple, “[Safari 7.0.3 / 6.1.3] fixes security issues, including several identified in recent security competitions.”

Affecting WebKit, the heart and soul of the Safari web browser, memory corruption issues would lead to “unexpected application termination or arbitrary code execution [by] visiting a maliciously crafted website.” Addressed through improved memory handling, these bugs were present on OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.2.

A second WebKit flaw found in the same exact OS X versions would allow “an attacker running arbitrary code in the WebProcess [to] be able to read arbitrary files despite sandbox restrictions.” This was reportedly caused by a logic issue that existed in the handling of IPC messages from the WebProcess. Apple says it addressed this vulnerability through additional validation of IPC messages.

Unlike previous Safari updates, versions 7.0.3 and 6.1.3 are exclusively available for Mac users (meaning there is no corresponding Windows update). Safari 7.0.3 in particular is said to be included in OS X 10.9.3, the upcoming Mavericks update currently in beta testing at Apple.

Both Safari 7.0.3 and Safari 6.1.3 have spent a great deal of time in testing, sharing the same focus areas. With every new seed, developers were told to focus their attention on general website compatibility, Safari Push Notifications (a new feature introduced in 2013), login AutoFill, credit card AutoFill (for Mavericks computers only), and extension compatibility. Readers can immediately download Safari 7.0.3 / 6.1.3 at the supplied link.