Apple has finally albeit a little late, released the fixes to more than two dozens bug in Safari web browser last Tuesday, including the patches to the vulnerabilities exploited last month at Pwn2Own hacking contest.

Apple releases patch to two dozens bugs in safari including the Vulnerability exploited at Pwn2Own last month.

The company released updates for both safari 6 and 7 and promoted the latest version Safari 6.1.3 and Safari 7.0.3 with new security updates included.

Apple software engineers have patched a total of 27 Vulnerabilities, most of them in WebKit, the open-source browser engine that powers Safari, and all but one considered critical.  The critical vulnerability allows “arbitrary code execution,” the company said in a presser, The Arbitrary code execution can be exploited to inject malware on the victim’s computer.  Another critical vulnerability “the memory corruption bug”  is also of high risk in some cases, cybercriminals can exploit this vulnerability by creating specially crafted malicious website which crash the Safari browser.

Among the 27 more than half of the bug’s were discovered by Google’s security team including the most remarkable bug that allows a hacker running code in the browser’s secure sandbox to bypass restrictions and read arbitrary files on the system. If you are thinking why Google was interested in finding a bug in Apple’s Software, it is because that both Google’s Chrome and Safari uses the same WebCore component of the open-source Webkit and which means that the bugs that are discovered are a common ailment for both Safari and Chrome belonging to the respective Companies.

Other set of bugs discovered included those highlighted at Pwn2Own hacking contest last month including the bug that allowed heap-based buffer overflow which can be exploited remotely to bypass a sandbox protection mechanism via unspecified vector. This vulnerability was discovered by Liang Chen of member of a Shanghai-based group of security researchers “Keen Team,” and was rewarded a bounty prize of $65,000 for discovering this bug.

Another was discovered by French vulnerability seller Vupen, which also sent a team to Pwn2Own. Vupen hacked several targets, including Chrome, Adobe Reader and Adobe Flash, and Microsoft’s Internet Explorer, winning a reward of $400,000. The bug patched in WebKit the same which is used by both Google’s Chrome and Apple’s Safari as noted above.

Apple have advised users to download the patch or update their browser as soon as possible.

LEAVE A REPLY

Please enter your comment!
Please enter your name here