Apple Rolls Out Safari 7.0.4/6.1.4 Bug-fix Updates for WebKit Vulnerabilities

Apple has just rolled out two critical browser bug-fix updates, Safari 7.0.4 and Safari 6.1.4, for WebKit vulnerabilities in Mac OS X. The former addresses issues with Mac OS X Mavericks 10.9.3, and the latter fixes OS X Lion 10.7.5, OS X Lion Server 10.7.5 and Mountain Lion 10.8.5.

According to Apple's support document, the bug-fix update addresses the iOS browser vulnerabilities originating in Safari's open-source rendering engine (WebKit), which allow malicious websites to execute arbitrary code or terminate an app abruptly, thereby compromising confidential user information.

This issue has been attributed to multiple memory corruption issues within WebKit and has been resolved in the current Safari updates through improved memory handling.

Another key security issue pertains to malicious websites sending messages anonymously to the recipient after bypassing the origin check at the receiver's end.

The second issue has been attributed to an encoding bug in the handling of Unicode characters in URLs, and it has been addressed through improved encoding/decoding.

To protect user privacy and security, Apple does not disclose or confirm security issues until they are fully investigated, the root cause has been identified, and the necessary patches or updates have been released.

Apple recommends that users install these updates via the Mac OS X Software Update feature or manually download the installer from the Apple Support website.