Apple fixes seven Safari security flaws


Apple has released a security update to fix seven vulnerabilities found in Safari's Webkit framework.

The update can be found on the Apple support page now for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.4. It applies to Safari 6.1.6 and Safari 7.0.6.

According to Apple, several memory corruption issues were present in Webkit that have been addressed with improved memory handling.

The US-based company said: "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution."

The global tech giant refused to comment on whether hackers have exploited the vulnerabilities. It said: "For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.

Even so, the United States Computer Emergency Readiness Team (US-CERT) is urging IT managers to install the updates as a matter of urgency.

"Users and administrators are encouraged to review Apple security update... and apply the necessary updates," its advisory states.

Problems with Webkit are not uncommon. It is the open source framework behind Safari, Google Chrome and other OS X applications such as Mail.

While Google Chrome frequently reports vulnerabilities in Webkit, Apple had to release a variety of browser patches in July that also covered problems with the framework.