Apple patches Mac Safari security

Apple patches Mac Safari security

Summary: A large number of updates, some quite old and many updated weeks ago in other Apple products, are finally fixed for Mac users.

TOPICS: Security, Apple, Google, iOS

Apple has issued security updates for the Safari browser on Mac OS. All of the vulnerabilities are in the WebKit browser engine in Safari and many other programs.

The update fixes 27 vulnerabilities, 26 of which could lead to remote code execution. The 27th could allow a program running arbitrary code (such as one which exploited one of the first 26 vulnerabilities) to read arbitrary files despite sandbox restrictions.

As is often the case with Apple security updates, many of the vulnerabilities have been publicly known for some time. The oldest in this group is CVE-2013-2871, was reported in May 2013 and patched in Google Chrome in July.

Furthermore, many of these same vulnerabilities were patched in updates to Apple TV and in iOS 7.1 several weeks ago.

The Google Chrome security team was involved in reporting 15 of the vulnerabilities. Google has announced that they will move away from WebKit, at least from the official distribution, but they are still affected by many of the problems in it.

Topics: Security, Apple, Google, iOS

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Typical of Apple

    A year to patch an exploit? Yep......that sounds about right for Apple.
  • What would the Apple and Windows trolls do?

    If Apple and Microsoft merged to form Softcore? Probably gang up on the Linux fans! ;`}
    • naaa...

      they would be too busy trolling each other... :)
      • Oh, yeah

        MY half of Softcore is STILL better than YOUR half!
  • Yeah!

    I bet you can make a 'MAC versus PC' ad about it,
  • Apple = Microsoft per Security

    If you are running Windows 7 or 8x and have patches auto update, running as user, and running any decent AV (even free ones) you are just as secure as a Mac. Both of these systems attack vectors are via third party runtimes and apps such as Java, Flash, Reader, etc.

    Apple's biggest advantage is that they are still a marginal product, most numbers in the US.
    Rann Xeroxx
  • According to the Apple link at the top of the artcle

    the following OS X versions are supported with this update:

    o OS X Lion v10.7.5
    o OS X Lion Server v10.7.5
    o OS X Mountain Lion v10.8.5
    o OS X Mavericks v10.9.2

    Thus, Apple has not completely abandoned OS X Lion and Mountain Lion. Noticeably absent is OS X Snow Leopard 10.6 which still has a larger market share than OS X Lion 10.7 and OS X Mountain Lion 10.8. OS X Snow Leopard is Apple's soon-to-be Windows XP.
    Rabid Howler Monkey
    • Basically just Safari

      Apple has consistently kept Safari updated on the older platforms, but there are still many dozens of OS X bugs that aren't patched in them.
    • Re: OS X Snow Leopard and lack of support....

      OS X 10.6 Snow Leopard still has a considerable user base unlike the unpopular OS X 10.7 Lion.

      OS X 10.6 Popular not supported

      OS X 10.7 Unpopular supported

      Apple needs to start supporting OS X Snow Leopard again.