A potential remote attacker could execute arbitrary code

Aug 16, 2014 11:49 GMT

A new version of the Safari web browser has been released to fix a set of seven security flaws in the WebKit component, all of which could lead to unauthorized disclosure of information through remote execution of arbitrary code.

The report from Apple is light on details: apart from providing the Common Vulnerabilities and Exposures (CVE) identifiers, it says that the browser update for OS X eliminates memory corruption problems in WebKit by improving the way memory is handled.

Five of the issues were discovered by Apple engineers, while one was reported by the Google Chrome Security Team and another is credited to an anonymous researcher. If exploited, any of them would have the same effect.

Vulnerable versions of Safari (earlier than 6.1.6 and 7.0.6) could allow a remote attacker to execute code on the affected system as well as cause a denial-of-service condition in the application.

User interaction is required to achieve this, because the victim has to be convinced to visit a maliciously crafted website.

As far as the severity of the issues is concerned, they were given a CVSS (Common Vulnerability Scoring System) score of 6.8, which corresponds to a “medium” rating.

The latest versions of the Safari browser are available through the update mechanism on Mac systems.