Tuesday, May 12, 2015

Apple Safari gets NEW security fixes

On Wednesday, Apple rolled out a new version of Safari web browser fixing five security flaws found in the WebKit browser engine. The fixes address flaws in Safari versions 8.0.6, 7.1.6 and 6.2.6. Three out of Five fixes are related to memory corruption flaws that could allow intruders to execute arbitrary code or cause the vulnerable browsers to crash unexpectedly. According to advisory, these security flaws are covered under CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154 - can be exploited by enticing victim to visit malicious website. Security researcher Joe Vennix of Rapid7 found a security flaw in the WebKit History component covered under CVE-2015-1155 - allows access to the information from an unprivileged source, related to a same-origin policy issue. <more>

No comments: