Apple patches Mac Safari security

Summary:A large number of updates, some quite old and many updated weeks ago in other Apple products, are finally fixed for Mac users.

Apple has issued security updates for the Safari browser on Mac OS. All of the vulnerabilities are in the WebKit browser engine in Safari and many other programs.

The update fixes 27 vulnerabilities, 26 of which could lead to remote code execution. The 27th could allow a program running arbitrary code (such as one which exploited one of the first 26 vulnerabilities) to read arbitrary files despite sandbox restrictions.

As is often the case with Apple security updates, many of the vulnerabilities have been publicly known for some time. The oldest in this group is CVE-2013-2871, was reported in May 2013 and patched in Google Chrome in July.

Furthermore, many of these same vulnerabilities were patched in updates to Apple TV and in iOS 7.1 several weeks ago.

The Google Chrome security team was involved in reporting 15 of the vulnerabilities. Google has announced that they will move away from WebKit, at least from the official distribution, but they are still affected by many of the problems in it.

Topics: Security, Apple, Google, iOS


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.