14 DAY TRIAL // Last week, Apple deployed and then swiftly pulled a trio of Safari updates meant to address security issues on three particular OS X versions and also aimed at enhancing the browser’s functionality through various tweaks.
The updates in question, released on December 3, were Safari 8.0.1 for OS X Yosemite, Safari 7.1.1 for OS X Mavericks, and Safari 6.2.1 for OS X Mountain Lion. For reasons stated in today’s release notes, Apple decided to pull those updates, leaving customers vulnerable to hacking attacks (albeit not serious ones).
Near-identical tweaks and fixes
Despite carrying different version numbers, today’s Safari updates are essentially just re-released versions of last week’s patches that aimed to close security holes and improve some aspects in the Yosemite version of the browser.
As such, the release notes accompanying the updates, specifically the one targeting OS X 10.10 customers, are identical, with one small exception: the reason why Apple had to pull last week’s updates in the first place.
Apple says that the 8.0.2 update in particular packs improvements to usability, stability, and security, as well as specific fixes for issues that could prevent history from syncing across devices if iCloud Drive is not on, bugs causing autofill to omit saved password after two devices are added to iCloud Keychain, and problems with users being unable to access Safari after installing the 8.0.1 update.
Safari 8.0.2 further improves the performance of WebGL graphics on Macs equipped with Retina displays (Apple doesn’t say which models). Last but certainly not least, Safari 8.0.2 allows users to import usernames and passwords from Mozilla’s Firefox web browser.
The security side of Safari 8.0.2/7.1.2/6.2.2
Apple has issued a dedicated support document to discuss the security side of Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2, stating that the three updates “include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1.” The company then links to the older support article that discloses the vulnerabilities in question.
More than a dozen separate holes are patched, all of them found in the browser’s WebKit rendering engine. Affecting OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1, these bugs include a UI spoofing issue, memory corruption issues, and a rare case where style sheets were loaded cross-origin, which could allow for data exfiltration.
Readers can manually download Safari 8.0.2 / 7.1.2 / 6.2.1 from Softpedia immediately. Alternately, users can launch the Mac App Store on their computers and hit the Updates tab to see the update pop up.
