Three memory corruption problems get patched

May 7, 2015 17:06 GMT  ·  By

Apple on Wednesday released updates for the Safari web browser, addressing a set of five vulnerabilities in the WebKit browser engine.

The patches are available for Safari versions 8.0.6, 7.1.6, and 6.2.6 running on OS X Mountain Lion (10.8.5), Mavericks (10.9.5), and Yosemite (10.10.3).

Memory corruption issues and user info compromise receive a fix

Three of the fixes address memory corruption issues that could lead to arbitrary code execution or to unexpected termination of the web browser.

The vulnerabilities (identified as CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154) were discovered by Apple developers and could be exploited by an adversary who lures users to a maliciously crafted website. “These issues were addressed through improved memory handling,” reads the security advisory from the company.

Another glitch (CVE-2015-1155) affects the WebKit History component in Safari and was discovered by Joe Vennix of Rapid7 via HP’s Zero Day Initiative program.

The potential impact of the security flaw is the compromise of user information on the filesystem when the user visits a malicious web page. It is a same-origin policy (SOP) bug that allows an unprivileged origin to access that information.

Rootpipe vulnerability remains unpatched

The fifth vulnerability addressed by Apple in Safari is tracked as CVE-2015-1156 and was reported by Zachary Durber of Moodle.

“An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. This issue was addressed through improved link type adherence,” reads the description of the flaw.

An attacker could build an exploit for this flaw that leads to user interface spoofing. User interaction is required, as the threat actor would have to trick the victim into visiting a malicious website.

The update released on Wednesday did not address any other security problems, which means that the “rootpipe” vulnerability is still present in OS X. Apple has attempted to plug this hole twice in the past, but it appears that a complete fix has yet to be delivered.