updated 07:01 pm EDT, Wed August 13, 2014
WebKit vulnerability, memory corruption, other issues addressed
Seven potential security and stability flaws in the WebKit engine that drives Safari have been identified and fixed in a new update for the default Mac web browser, which was released on Wednesday. The patch updates the version numbers to 6.1.6 for older OS versions going back to Lion (OS X 10.7.5), and to 7.0.6 for Mavericks (10.9.4). Problems with a WebKit vulnerability that could cause crashes, alongside some memory corruption issues, prompted the update.
Five of the seven problems fixed in the update were discovered by Apple's own security researchers, though one was caught by Google's Chrome Security Team and another by an anonymous researcher. The "multiple" memory corruption issues were solved by "improved memory handling," and the patch fixes an issue where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution -- meaning crashes or freezes of the program.
The new versions had been in beta last month for developer testing. The updates are available now to users through Software Update, with users seeing the relevant version for the OS X version they are running. As has been the practice of late, no update for 10.6 Snow Leopard is available. Users should be updated to the latest version of their respective systems (i.e., 10.7.5, 10.8.5 or 10.9.4).