48 flaws patched with new version of Safari

A new version of the Safari browser for Windows and Mac has been released, and with it Apple patched 48 security flaws – most of which were located in the WebKit technology.

Safari now displays a warning before navigating to an HTTP or HTTPS URL containing user information. It also handles PDF files and window management better, in order to prevent unexpected application termination or arbitrary code execution when the user visits a malicious site, and it addresses a heap buffer overflow in the handling of images with an embedded ColorSync profile.

The 44 flaws patched in WebKit allowed for different kinds of attacks and possible compromises: information disclosure, cross-site scripting attacks, unexpected application termination or arbitrary code execution, creation of files in arbitrary user-writable locations, sending remotely specified data to arbitrary TCP ports or an IRC server, exposing the user to a man-in-the-middle attack, disclosing images from other sites, revealing which sites a user has visited, and others.

For more details about the specific vulnerabilities, go here.



