Apple updated its Mac OS X Mavericks platform yesterday with a number of security fixes for the Safari browser and WebKit layout engine. The operating system update will move users to OS X Mavericks version 10.9.1. It appears that the broad operating system release is merely a repackaging of a bulletin fixing a single vulnerability in Apple’s Safari browser and a second bulletin addressing eight vulnerabilities in the Cupertino, California-based company’s WebKit rendering engine.

The Safari patch fixes CVE-2013-5227, which was reported to Apple by Niklas Malmgren, a front-end developer for the mobile payments firm Klarna AB. The vulnerability relates to a bug in Safari’s autofill feature that was pushing usernames and passwords into a subframe from a domain separate from the main frame containing the field where such information should have been entered. In other words, the Safari browser was leaking user credentials to an unexpected site with its autofill feature. Apple fixed the problem by improving the browser’s origin tracking system.

The WebKit bulletin resolves CVE-2013-2909, reported by Atte Kettunen of the Oulu University Secure Programming Group; CVE-2013-5196, 5917, and 5225, reported by the Google Chrome security team; CVE-2013-5228, reported by the Keen Team working alongside H-P’s Zero-Day Initiative; and CVE-2013-5195, 5198, and 5199, each of which was reported internally by Apple.