Apple patches Mac Safari security

A large number of updates, some quite old and many updated weeks ago in other Apple products, are finally fixed for Mac users.

Apple has issued security updates for the Safari browser on Mac OS. All of the vulnerabilities are in the WebKit browser engine in Safari and many other programs.

The update fixes 27 vulnerabilities, 26 of which could lead to remote code execution. The 27th could allow a program running arbitrary code (such as one which exploited one of the first 26 vulnerabilities) to read arbitrary files despite sandbox restrictions.

As is often the case with Apple security updates, many of the vulnerabilities have been publicly known for some time. The oldest in this group is CVE-2013-2871, was reported in May 2013 and patched in Google Chrome in July.

Furthermore, many of these same vulnerabilities were patched in updates to Apple TV and in iOS 7.1 several weeks ago.

The Google Chrome security team was involved in reporting 15 of the vulnerabilities. Google has announced that they will move away from WebKit, at least from the official distribution, but they are still affected by many of the problems in it.