Flaws patched in Apple's Safari browser and iOS 6

Apple has released updates to address flaws in its Safari 6 web browser and iOS 6 mobile operating system.

The fixes were made available on Thursday and address two vulnerabilities in Safari 6.0.2. The bugs, which lie in WebKit, an open source web browser engine, could allow for “unexpected application termination or arbitrary code execution” if users visited a malicious website, according to Apple's summary of the flaws.

The browser update affects the OS X Lion and OS X Mountain Lion operating systems.

Updates for iOS 6.0.1 affecting iPhone 3GS, iPad 2 and the fourth-generation iPod Touch also addressed the same vulnerabilities, but for mobile users.

Other patches in iOS addressed a data disclosure bug, which could allow “maliciously crafted or compromised iOS applications” to determine addresses in the kernel, and a passcode-lock security issue, which could potentially allow attackers to bypass password requirements for Passbook – an iOS app that can store users' airline boarding passes, coupons, movie tickets, retailer reward cards and other mobile payment information.

Wolfgang Kandek, CTO at Qualys, told SCMagazine.com on Friday that the WebKit bugs represented the most widespread threat to users.

“When you use Safari or Google Chrome, for instance, you are using WebKit as its underpinning,” Kandek said. “The attacks would be through a website that has something malicious on there that knows about the vulnerability, and it could run something on your machine that wants to take control of it. You probably wouldn't even notice [malware] that had been installed on your machine, which could feed information to an attacker.”

Chester Wisniewski, senior security advisor at Sophos, also told SCMagazine.com on Friday that the WebKit fix appeared most critical.

“From a critical standpoint, I'd rate the WebKit issues highest because they affect Safari, Google Chrome and mobile users – and allow attackers to launch a drive-by exploit, which are most likely to be used by an attacker.”  
