Apple Fixes WebKit Vulnerabilities in Safari Browser

2015-05-07T10:49:00
ID APPLE-FIXES-WEBKIT-VULNERABILITIES-IN-SAFARI-BROWSER/112670
Type threatpost
Reporter Brian Donohue
Modified 2015-05-07T14:49:05

Description

Apple has updated its Safari browser, fixing a handful of exploitable WebKit flaws in various versions of Safari.

WebKit is the core layout engine responsible for rendering webpages in the Safari browser.

Related Posts

Apple Patches Trident Vulnerabilities in OS X, Safari

September 2, 2016 , 10:00 am

Putting Apple Bug Bounty Rewards in Perspective

August 10, 2016 , 11:00 am

iOS 9.3.4 Patches Critical Code Execution Flaw

August 8, 2016 , 9:00 am

The first bulletin, vulnerabilities uncovered by Apple, resolves multiple memory corruption issues in Webkit. On unpatched systems, an attacker could exploit CVE-2015-1152, CVE-2015-1153 and CVE-2015-1154 by compelling a user to visit a malicious website, which, in turn, could lead to an unexpected application termination or arbitrary code execution. Apple resolved the problem with improved memory handling. Fixes are available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 and OS X Yosemite v10.10.3.

The second bulletin resolves just one vulnerability, CVE-2015-1155, which was discovered by Joe Vennix of Rapid7 along with researchers from HP’s Zero Day Initiative. The flaws emerged from a state management problem in Safari that allowed unprivileged origins to access filesystem contents. This was exploitable if a user were compelled to visit a specially created webpage, after which the attacker could access filesystem information. Apple resolved this in OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 and OS X Yosemite v10.10.3 through improved state management.

The final bulletin, CVE-2015-1156, reported by Zachary Durber of Moodle, resolves a problem in the way that rel attributes are handled in anchor elements. Target objects could get unauthorized access to link objects, leading to interface spoofing, if an attacker compelled his victim to visit a maliciously crafted website. Apple fixed the problem by implementing better link-type adherence in OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 and OS X Yosemite v10.10.3.

The complete details for Apple’s patches can be found on the Apple support site.