(LiveHacking.Com) – Apple recently released iOS 5.1 with over 60 fixes to WebKit, the web rendering engine used by the iPhone’s operating system. Now Apple has released an update to Safari (its web browser for Windows and Mac) with an almost identical set of fixes. One thing this makes very clear is that Apple is truly using the same code across the mobile and desktop versions of its Safari browser, and that vulnerabilities found by Google in its web browser often apply to Safari on iOS and on the desktop.
As with the iOS update, most (if not all) of these WebKit errors have previously been fixed in Google’s Chrome web browser, with many of the vulnerabilities being credited to the “Google Chrome Security Team” or to security researchers, like Sergey Glazunov, who receive rewards from Google for finding bugs. However, Apple did do its fair share of the work, with a good portion of the WebKit vulnerabilities being discovered by Apple itself.
The majority of the WebKit errors are described by Apple, in its security advisory, as memory corruption issues that can be exploited if the user visits a specially crafted web page. Rendering the page may lead to an unexpected application termination or arbitrary code execution. Other fixes in Safari 5.1.4 include:
- Look-alike characters in a URL could be used to masquerade a website. The International Domain Name (IDN) support in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check. This issue does not affect OS X systems.
- Visiting a maliciously crafted website may lead to the disclosure of cookies. A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.
- Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack. A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.
- HTTP authentication credentials may be inadvertently disclosed to another site. If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site.
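The look-alike character item above comes down to deciding when an internationalized hostname is safe to show in its Unicode form. The following is an added example, not Apple's code and not the check Safari implements: it shows one common policy, falling back to the `xn--` (Punycode) form for any label that mixes scripts. The function names and the script heuristic are assumptions of the example, and the sample hostnames are constructed.

```python
import unicodedata

# Assumption of this example: a character's script is approximated by the
# first word of its Unicode name (e.g. "CYRILLIC SMALL LETTER A"). A
# production check would use the Unicode Script property instead.
NEUTRAL = {"DIGIT", "HYPHEN-MINUS"}  # characters shared by all scripts


def label_scripts(label):
    """Return the set of scripts used by the characters of one DNS label."""
    scripts = set()
    for ch in label:
        first_word = unicodedata.name(ch, "UNKNOWN").split(" ")[0]
        if first_word not in NEUTRAL:
            scripts.add(first_word)
    return scripts


def display_host(hostname):
    """Return the form of hostname that is safe to show to a user.

    Accepts either the Unicode or the xn-- form. Labels written in a single
    script are shown in Unicode; labels that mix scripts stay in their
    xn-- form so the substitution is visible.
    """
    ascii_form = hostname.encode("idna").decode("ascii")
    shown = []
    for a_label in ascii_form.split("."):
        u_label = a_label.encode("ascii").decode("idna")
        mixed = len(label_scripts(u_label)) > 1
        shown.append(a_label if mixed else u_label)
    return ".".join(shown)


if __name__ == "__main__":
    # Constructed samples: the first uses U+0430 (Cyrillic) in place of "a".
    for host in ("\u0430pple.com", "b\u00fccher.example", "example.com"):
        print(ascii(host), "->", ascii(display_host(host)))
```

A mixed-script test is only one layer of such a check: a label written entirely in a single look-alike script passes it, so it is usually combined with a per-TLD allowlist of permitted scripts.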
What is currently unknown is whether Safari is vulnerable to the two critical vulnerabilities found in Chrome last week during the CanSecWest security conference, for which Google paid out over $120,000 to Sergey Glazunov and a researcher known as PinkiePie (aka PwniePie).
Safari 5.1.4 is available to download, for Mac and Windows, from Apple’s Safari page.