In tandem with the release of OS X 10.9.1, Apple has rolled out new versions of its Safari web browser, including one for Mavericks users and another for Mountain Lion customers. Safari 7.0.1 and Safari 6.1.1 are both security-centric releases that address security issues in Apple’s software.
For example, an autofill bug existed in both Safari 6 and Safari 7 and affected OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9 installations.
“Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking,” Apple explains in its advisory.
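The kind of origin check the advisory describes can be sketched as follows. This is an added example, not Apple's or WebKit's code: the frame-tree shape, the function names and the example domains are assumptions, and the ancestor check is a stricter policy chosen for the illustration.

```javascript
// Added illustration: decide per frame whether saved credentials may be autofilled.
// Frame objects and URLs below are constructed sample data, not Safari internals.

// Returns the serialized origin (scheme://host[:port]), or null for opaque
// origins such as data: URLs and for strings that do not parse as URLs.
function originOf(url) {
  try {
    const o = new URL(url).origin;
    return o === "null" ? null : o;
  } catch (e) {
    return null;
  }
}

// A frame may be autofilled only if its origin matches the origin the
// credential was saved for AND every ancestor up to the main frame shares it.
function mayAutofill(frame, savedOrigin) {
  const target = originOf(savedOrigin);
  if (target === null) return false;
  for (let f = frame; f; f = f.parent) {
    if (originOf(f.url) !== target) return false;
  }
  return true;
}

// Walks the frame tree depth-first and records the decision for every frame.
function auditFrames(root, savedOrigin, out = []) {
  out.push({ url: root.url, autofill: mayAutofill(root, savedOrigin) });
  for (const child of root.children || []) {
    child.parent = root; // link upward so ancestors can be checked
    auditFrames(child, savedOrigin, out);
  }
  return out;
}

// Constructed page: main frame with same-origin, cross-domain, nested,
// opaque-origin and scheme-mismatched subframes.
const samplePage = {
  url: "https://bank.example/login",
  children: [
    { url: "https://bank.example/widgets/login-box" },
    { url: "https://ads.example/banner",
      children: [{ url: "https://bank.example/login" }] }, // saved origin inside a foreign frame
    { url: "data:text/html,<form></form>" },               // opaque origin
    { url: "http://bank.example/login" },                  // scheme differs, so origin differs
  ],
};

console.log(auditFrames(samplePage, "https://bank.example"));
```

Only the main frame and the same-origin login box are eligible; comparing the full origin rather than the host name is what rejects the `http://` and `data:` frames.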
A WebKit flaw affecting OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9 is also disclosed.
Some memory corruption issues in WebKit could lead to “an unexpected application termination or arbitrary code execution,” should the user navigate to a maliciously crafted website.
“These issues were addressed through improved memory handling,” Apple says, enumerating several bug IDs in its documentation.
The Cupertino giant asks users to note that Mavericks 10.9.1 includes the Safari 7.0.1 update, which means they don’t need to download the standalone Safari update as well.
It appears that Apple has failed to produce a fix for the security bug disclosed recently by Kaspersky.
The flaw, detailed by Kaspersky Lab Expert Vyacheslav Zakorzhevsky, reportedly causes user information to be stored, and later revealed, in plain text as a side effect of the browser retaining history so that users can easily revisit sites.
“As far as we are concerned, storing unencrypted confidential information with unrestricted access is a major security flaw that gives malicious users the opportunity to steal user data with a minimum of effort,” Zakorzhevsky wrote.