“Safari 7.0.4 is a security update and you should grab it as quickly as you can”

May 25, 2014 10:35 GMT

Apple this week rolled out two Safari updates for several versions of OS X, addressing around two dozen WebKit flaws that Sophos deems highly important. According to the company’s security evangelist Paul Ducklin, Safari 7.0.4 and Safari 6.1.4 are must-install updates.

Security advisor Paul Ducklin writes on the Sophos Naked Security blog that Apple’s Safari 7.0.4 update closes a total of 22 vulnerabilities, “including 21 listed under ‘arbitrary code execution’.”

Noting that Apple has increased the frequency of Safari patches, Ducklin says, “There are 22 CVE-numbered security holes patched, 21 of which are annotated by Apple with the words: ‘Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution’.”

In a support document that covers these updates at length – About the security content of Safari 6.1.4 and Safari 7.0.4 – Apple states that the updates target OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.3. The Mac maker’s disclosure reveals that “Multiple memory corruption issues existed in WebKit.”

“In everyday language, that means ‘possible drive-by install,’ also known as ‘crooks could sneak malware onto your computer without any pop-ups’,” Ducklin explains.

Apple patched the holes through improved memory handling. The company credits numerous researchers and even amateurs for reporting the flaws, including the Google Chrome Security Team, Atte Kettunen of OUSPG, Ian Beer of Google Project Zero, an anonymous member of the Blink development community, and Apple’s own security engineers, of course.

According to Sophos’ security proselytizer, “Safari 7.0.4 is a security update and you should grab it as quickly as you can, or at least check that you have it installed [...] for older versions of OS X still on Safari 6, the fixes are available as Safari 6.1.4.”

Safari 7.0.4 and Safari 6.1.4 contain no new features and are strictly aimed at improving the security of your web browsing. Despite not bringing anything new to the table in terms of functionality or looks, these updates are just as important as major new releases of the browser.

At its Worldwide Developers Conference in June, Apple is expected to unveil all-new versions of Safari for both OS X and iOS, with additional functionality and aesthetic changes as well. Readers can immediately download Safari 7.0.4 / 6.1.4 for OS X Mountain Lion, Lion, and Mavericks at the supplied link.