Among them are researchers who found and publicly demonstrated flaws in Safari at the Pwn2own 2014 event in March that was sponsored by Hewlett-Packard’s Zero Day Initiative (ZDI)ĭuring the Pwn2own event, the Keen Team security research group leveraged a memory heap overflow, along with a sandbox bypass, to exploit Apple’s Web browser. Though Google security researchers are well-represented on the list of people who provided bugs to the new Safari update, there are others as well. “These issues were addressed through improved memory handling.” “Multiple memory corruption issues existed in WebKit,” Apple’s security advisory states. Google has long been a key contributor of research and bug fixes to WebKit, benefiting both Safari and Chrome users.Īs it turns out, even though Blink is a code fork, it still relies on elements of the WebKit engine and Google still has a need to patch those elements, which also impacts Safari.Īll the WebKit issues reported in the Safari update are memory-related issues.
At the time, there was some speculation that Google’s forking the WebKit would potentially leave Safari security at risk. Google decided a year ago to fork WebKit into its own rendering engine, known as Blink. Until April 2013, the open-source WebKit was also the rendering engine used by Google to power its Chrome Web browser. All the vulnerabilities fixed in the Safari update are within the WebKit rendering engine.
In total, the browser updates provide fixes for 27 vulnerabilities, with the Google Chrome Security Team reporting 16 of them.
WEBKIT SAFARI FOR MAC OS X
The Safari 7.0.3 and 6.1.3 browsers were both released by Apple on April 1 for Mac OS X users. Apple updated its Safari Web browser this week, thanks in no small part to the efforts of Google.
0 kommentar(er)
