Apple patches WebKit flaws in its OS X web browser, addresses security
Users of OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.2 are being instructed to download and install a new version of Safari to patch a number of WebKit flaws that may compromise their Mac’s security.
Released via Software Update through the Mac App Store, Safari 6.0.2 arrives in tandem with iOS 6.0.1 for iPhone, iPod touch and iPad, as well as several other updates for the Mac, including Aperture 3.4.2 and iPhoto 9.4.2 (more on these later today).
Safari 6.0.2 brings nothing new to the table – at least nothing too visible to the regular user. However, Apple insists that customers install the new version as it contains important security patches that will strengthen the browser’s WebKit foundation.
Apple says that “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”
Apple credits Joost Pol and Daan Keuper of Certified Secure (working with HP TippingPoint's Zero Day Initiative) for discovering and reporting the flaw.
A second issue patched in this release could lead to the same outcome if exploited.
“A use after free issue existed in the handling of SVG images,” Apple says. “This issue was addressed through improved memory handling.”
According to the Cupertino giant, the issue was discovered by Pinkie Pie, working with Google's Pwnium 2 contest.
Safari 6.0.2 appears to have been released only for the Mac. Users can grab it via the Mac App Store’s Software Update tab or at the link below.
Update: we're hearing that some users are having trouble downloading Safari 6.0.2 through Software Update. Here's a direct link from Apple's servers for OS X Mountain Lion.
Download Safari for Mac (Free)