
Apple issues Safari 7.0.4 and 6.1.4 updates to fix WebKit vulnerabilities

post #1 of 6
Thread Starter 
Apple on Wednesday released new versions of Safari for OS X 10.9 Mavericks and OS X 10.8 Mountain Lion, patching two bugs related to WebKit that could allow malicious sites to run code on a user's computer.



According to Apple, Safari 7.0.4 for OS X 10.9 Mavericks and Safari 6.1.4 for OS X 10.8 Mountain Lion both address a WebKit flaw in which arbitrary code could be executed on a host computer when visiting a malicious website. The same issue can also cause Safari to unexpectedly crash.

A second problem involves WebKit's handling of Unicode characters in URLs, which allows a maliciously crafted URL to send out false postMessage origins, thus overcoming the receiver's origin check. The issue was resolved through enhanced encoding and decoding.

The latest Safari for OS X versions come a month and a half after the previous Safari 7.0.3 and 6.1.3 updates were released in early April. The older iterations brought granular control over push notifications and support for new top-level domain names like ".cab" and ".clothing."

Safari 7.0.4 and 6.1.4 can be downloaded for free via Software Update.
post #2 of 6
The Safari 6.1.4 update (54.4MB) is also available for OS X 10.7 Lion.
Edited by mpantone - 5/21/14 at 2:24pm
post #3 of 6
Since Apple apparently doesn't do security updates for Mac OS X 10.6 Snow Leopard any more, is this flaw present in that version of WebKit or not?
post #4 of 6
Quote:
Originally Posted by Magic_Al
Since Apple apparently doesn't do security updates for Mac OS X 10.6 Snow Leopard any more, is this flaw present in that version of WebKit or not?


Great question. Can anyone answer this??

Actually, I don't remember what originally came with 10.6, perhaps it was Safari 4. But can anyone at least answer if the flaw is in the version just prior to what's being discussed, i.e. Safari 5 (of which I think 5.1.2 is the latest), which runs perfectly on 10.6.

What manufacturers should do for stuff like this is have a page that you can load that shows whether you're vulnerable or not, like you sometimes see security researchers do.
No Matte == No Sale :-(
post #5 of 6

In Safari 7, I use the Manage Website Settings to configure certain sites to block Flash player while setting the default to allow. But I occasionally find that sites which were set to Block have either changed to Allow, or have been removed from the list. Why is it doing this? Do I have to reconfigure the sites every time there is a Safari or Flash plugin update?

post #6 of 6
Haven't updated Safari yet, but it's possible that it will be snappier.
Post from mstone to Benjamin Frost - "Perhaps that explains your lack of mental capacity. If I was your brother, I probably would have repeatedly smashed the side of your head with a cricket bat."