Skip to main content

Apple squashes a couple of bugs on Safari

A new version of Apple's Safari browser was released, and this one patches some potentially dangerous Webkit-derived bugs.

The new version comes in the form of Safari 8.0.6 for the OS X Mountain Lion, Safari 7.1.6 for Mavericks and Safari 6.2.6 for Yosemite.

One of the bugs, CVE-2015-1152, 1153 an 1154 meant "Visiting a maliciously crafted website may compromise user information on the filesystem“.

Here's how Apple describes the bug:

"A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. This issue was addressed through improved state management.“

This basically means remote access to the file system, which is scary enough in its own right.

Another bug, CVE-2015-1155 means "Visiting a malicious website by clicking a link may lead to user interface spoofing.“

"An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorised access to link objects. This issue was addressed through improved link type adherence,“ says Apple.

Cyber security has become one of the top IT industry issues, following the leaks made by former NSA contractor, Edward Snowden.

Snowden leaked countless files showing how the American government used technology to gather information, not only about foreigners, but also about its own citizens. His discovery has prompted tech companies to improve the encryption on their devices.

Both Google and Apple updated their systems to encrypt the data on smartphones,making the government's job a lot, lot harder.

The US government, on the other hand, says the backdoor entrance is a matter of national security.