Security

This article is more than 1 year old

Apple swats Webkit bugs that bit it on Safari

Webkit history, page loading and everyday browsing holes plugged

Thu 7 May 2015 // 07:19 UTC

Apple has update its Safari browser to quash three Webkit-derived bugs.

One of the bugs, CVE-2015-1155 , meant “ Visiting a maliciously crafted website may compromise user information on the filesystem,” thanks to “A state management issue … that allowed unprivileged origins to access contents on the filesystem.”

CVE-2015-1156 “Visiting a malicious website by clicking a link may lead to user interface spoofing.”

An issue in “... the handling of the rel attribute in anchor elements” was the culprit in this case, and could mean “Target objects could get unauthorized access to link objects.” The fix was “improved link type adherence.”

Webkit also suffered from problems that could mean “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”

Apple's fix for the problems is new versions of Safari, which now comes in versions Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 for OS X Mountain Lion, Mavericks and Yosemite respectively. The problems hit Mac OS only – there's no word the iOS versions of the browser need a fix. ®

More about

Narrower topics

AirTag
Apple M1
App stores
Authentication
Black Hat
Common Vulnerability Scoring System
Cybercrime
Cybersecurity
Cybersecurity and Infrastructure Security Agency
Cybersecurity Information Sharing Act
Data Breach
Data Protection
Data Theft
DDoS
Digital certificate
Encryption
Exploit
Firewall
Hacker
Hacking
iCloud
Identity Theft
iMac
Infosec
iOS
iPad
iPhone
iPod
iTunes
Kenna Security
Mac
MacBook
NCSC
Palo Alto Networks
Password
Phishing
Ransomware
REvil
Siri
Spamming
Spyware
Surveillance
Tim Cook
TLS
Trojan
Trusted Platform Module
Vulnerability
Wannacry
Zero trust

Broader topics

More about

COMMENTS

More about

Narrower topics

AirTag
Apple M1
App stores
Authentication
Black Hat
Common Vulnerability Scoring System
Cybercrime
Cybersecurity
Cybersecurity and Infrastructure Security Agency
Cybersecurity Information Sharing Act
Data Breach
Data Protection
Data Theft
DDoS
Digital certificate
Encryption
Exploit
Firewall
Hacker
Hacking
iCloud
Identity Theft
iMac
Infosec
iOS
iPad
iPhone
iPod
iTunes
Kenna Security
Mac
MacBook
NCSC
Palo Alto Networks
Password
Phishing
Ransomware
REvil
Siri
Spamming
Spyware
Surveillance
Tim Cook
TLS
Trojan
Trusted Platform Module
Vulnerability
Wannacry
Zero trust

Broader topics

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Security

Apple swats Webkit bugs that bit it on Safari

Webkit history, page loading and everyday browsing holes plugged

More about

More about

Narrower topics

Broader topics

More about

More about

More about

Narrower topics

Broader topics

TIP US OFF

Other stories you might like

Apple's GoFetch silicon security fail was down to an obsession with speed

Academics probe Apple's privacy settings and get lost and confused

Apple to allow some iPhones to be repaired with used parts

A different view from the edge

Apple's failure to duck UK antitrust probe could bring £785M windfall for devs

Official: EU users can swerve App Store and download iOS apps from the web

Microsoft squashes SmartScreen security bypass bug exploited in the wild

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Japan turns up heat on Apple, Google with threat of hefty fines

Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware'

World is finally buying more phones and prices are rising

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits

About Us

Our Websites

Your Privacy