Apple patches Safari arbitrary code execution vulnerabilities
Apple released new versions of their Safari browser – 6.1.6 and 7.0.6 – in which they fixed multiple memory corruption problems in Webkit.
Out of the seven distinct CVE-IDs, five of the bugs were found in-house and the other two are credited to an anonymous researcher and the Google Chrome Security Team.
By setting up a web site with the malicious code, an attacker could cause arbitrary code execution or a denial of service (memory corruption and application crash) on the client’s computer.
List of the related CVE-IDs: