Vulnerability fixes for the Safari browser are now within Apple’s latest Mavericks operating system (version 10.9.1).
Safari 7.0.1 released Monday, and the browser update addresses eight arbitrary code execution flaws, as well as a bug that could allow the disclosure of users’ credentials.
Arbitrary code execution vulnerabilities could lead to “unexpected application termination” or to malicious code executed by an attacker if a user visits an infected website, the company revealed.
Google’s Chrome security team disclosed three of the code execution flaws to Apple.
Exploit of the information disclosure bug in Safari (CVE-2013-5227) could end up leveraged through websites that utilize autofill, Apple said.
“Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame,” Apple said of the bug. “This issue was addressed through improved origin tracking.”