Apple patches Safari arbitrary code execution vulnerabilities


Apple released new versions of its Safari browser, 6.1.6 and 7.0.6, which fix multiple memory corruption problems in WebKit.

Out of the seven distinct CVE-IDs, five of the bugs were found in-house and the other two are credited to an anonymous researcher and the Google Chrome Security Team.

By setting up a web site with malicious code, an attacker could cause arbitrary code execution or a denial of service (memory corruption and application crash) on a visitor's computer.

List of the related CVE-IDs:

  • CVE-2014-1384
  • CVE-2014-1385
  • CVE-2014-1386
  • CVE-2014-1387
  • CVE-2014-1388
  • CVE-2014-1389
  • CVE-2014-1390