Skip to main content

Apple squashes a couple of bugs on Safari

A new version of Apple's Safari browser was released, and this one patches some potentially dangerous Webkit-derived bugs.

The new version comes in the form of Safari 8.0.6 for the OS X Mountain Lion, Safari 7.1.6 for Mavericks and Safari 6.2.6 for Yosemite.

One of the bugs, CVE-2015-1152, 1153 an 1154 meant "Visiting a maliciously crafted website may compromise user information on the filesystem“.

Here's how Apple describes (opens in new tab) the bug:

"A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. This issue was addressed through improved state management.“

This basically means remote access to the file system, which is scary enough in its own right.

Another bug, CVE-2015-1155 means "Visiting a malicious website by clicking a link may lead to user interface spoofing.“

"An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorised access to link objects. This issue was addressed through improved link type adherence,“ says Apple.

Cyber security has become one of the top IT industry issues, following the leaks made by former NSA contractor, Edward Snowden.

Snowden leaked countless files showing how the American government used technology to gather information, not only about foreigners, but also about its own citizens. His discovery has prompted tech companies to improve the encryption on their devices.

Both Google and Apple updated their systems to encrypt the data on smartphones,making the government's job a lot, lot harder.

The US government, on the other hand, says the backdoor entrance is a matter of national security.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.