Apple Squashes Memory Corruption and URL Disguising Bugs in Safari

SecurityApple released Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 Tuesday, releases that patch many memory issues, included memory corruption. The updates also address an issue that could allow malicious hackers to disguise a URL.

Apple's patch notes:

Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4

WebKit

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

CVE-ID

  • CVE-2015-1068 : Apple
  • CVE-2015-1069 : Apple
  • CVE-2015-1070 : Apple
  • CVE-2015-1071 : Apple
  • CVE-2015-1072
  • CVE-2015-1073 : Apple
  • CVE-2015-1074 : Apple
  • CVE-2015-1075 : Google Chrome Security team
  • CVE-2015-1076
  • CVE-2015-1077 : Apple
  • CVE-2015-1078 : Apple
  • CVE-2015-1079 : Apple
  • CVE-2015-1080 : Apple
  • CVE-2015-1081 : Apple
  • CVE-2015-1082 : Apple
  • CVE-2015-1083 : Apple

WebKit

Impact: Inconsistent user interface may prevent users from discerning a phishing attack
Description: A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL. This issue was addressed through improved user interface consistency checks.

CVE-ID

  • CVE-2015-1084 : Apple

You can download the update for your version of OS X through the Mac App Store.