The company released updates for both Safari 6 and 7 and promoted the latest versions, Safari 6.1.3 and Safari 7.0.3, with new security updates included. Apple software engineers have patched a total of 27 vulnerabilities, most of them in WebKit, the open-source web client engine that powers Safari, and all but one considered critical.

The critical vulnerability allows arbitrary code execution, the company said in a presser. Arbitrary code execution can be exploited to inject malware on the victim's computer.

Another critical vulnerability, a memory corruption bug, is also high risk: in some cases, cybercriminals can exploit it by creating a specially crafted malicious website that crashes Safari.

Among the 27, more than half of the bugs were discovered by Google's security team, including the most remarkable bug, which allows a hacker running code in the browser's secure sandbox to bypass restrictions and read arbitrary files on the system.

If you are wondering why Google was interested in finding a bug in Apple's software, it is because both Google's Chrome and Safari use the same WebCore component of the open-source WebKit, which means that the bugs discovered are common to both Safari and Chrome.

Other bugs discovered included those highlighted at the Pwn2Own hacking contest last month, including a heap-based buffer overflow that can be exploited remotely to bypass a sandbox protection mechanism via an unspecified vector.

This vulnerability was discovered by Liang Chen, a member of Keen Team, a Shanghai-based group of security researchers, who was rewarded a bounty prize of $65,000 for discovering this bug. Another was discovered by French vulnerability seller Vupen, which also sent a team to Pwn2Own.

Vupen hacked several targets, including Chrome, Adobe Reader, Adobe Flash, and Microsoft's Internet Explorer, winning a reward of $400,000.

The bug was patched in WebKit, the same engine that is used by both Google's Chrome and Apple's Safari, as noted above. Apple has advised users to download the patch or update their browser as soon as possible.

source: www.techworm.net