This issue was addressed through improved origin tracking. CVE-2013-5227 : User credentials may be disclosed to an unexpected site via autofill. Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame.The following vulnerabilities were fixed in Safari 6.1.1 and Safari 7.0.1:
Safari 6.1.1 and Safari 7.0.1 are available for OS X Lion 10.7.5, OS X Lion Server 10.7.5, OS X Mountain Lion 10.8.5, and OS X Mavericks 10.9. Apple’s OS X 10.9.1 update includes the security content of Safari 7.0.1. The Safari updates address an information disclosure bug and multiple memory corruption issues in WebKit.Īpple also released a system update to OS X Mavericks, updating to version 10.9.1.
Security News Apple Releases Safari 6.1.1 and Safari 7.0.1Īpple has released Safari 6.1.1 and Safari 7.0.1 with patches for 9 vulnerabilities to improve its web browser security.
