Apple Safari updates fix WebKit flaws

Apple will fix three WebKit memory corruption flaws in Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6, the company announced this week. Discovered by Apple's security team who will address the flaws with improved memory handling, these vulnerabilities can be exploited by attackers for remote code execution as well as simply causing the application to crash.

“An issue existed in the handling of the rel attribute in anchor elements,” Apple wrote in its advisory. “Target objects could get unauthorized access to link objects. This issue was addressed through improved link type adherence.”

Meanwhile, Patrick Wardle, head of research at Synack, speaking of the matter to online news sources, warned that bypassing typical OS X security tools is trivial. Wardle discovered that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run.

"The state of OS X malware is amateur, even basic," Wardle told online news sources. “It relies on trivially detectable persistence mechanisms and generally relies on infecting users via social engineering tricks such as offering ‘free [but infected] copies of PhotoShop'.”

Still, security updates that address the Safari flaws and other patch updates are available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3, and Apple advises its users to update their installations as soon as possible.