Safari 6.0.1: A major security update for Lion, Mountain Lion
Mountain Lion users who have downloaded and installed OS X 10.8.2 already have Safari 6.0.1. However, those running Lion need to check Software Update (Mac App Store) for this important update to Apple’s default browser, which includes patches for dozens of vulnerabilities and issues.
Wednesday, September 19, was a busy, busy day full of Mac and iOS software updates from Apple. However, some folks might have missed the release of Safari 6.0.1 for Lion and Mountain Lion (for the latter, as part of OS X 10.8.2).
That said, have a look at Apple’s Security Content of Safari 6.0.1 article, which references fixes for a pair of headline vulnerabilities, as well as scores of other security issues:
CVE-2012-3713: In OS X Mountain Lion HTML files were removed from the unsafe type list. Quarantined HTML documents are opened in a safe mode that prevents accessing other local or remote resources. A logic error in Safari’s handling of the Quarantine attribute caused the safe mode not to be triggered on Quarantined files. This issue was addressed by properly detecting the existence of the Quarantine attribute.
CVE-2012-3714: A rare condition existed in the handling of Form Autofill. Using Form Autofill on a maliciously crafted website may have led to disclosure of information from the Address Book “Me” card that was not included in the Autofill popover. This issue was addressed by limiting Autofill to the fields contained in the popover.
Again, Mountain Lion users can get Safari 6.0.1 by installing OS X 10.8.2. Lion users need to check Software Update under the Apple menu or fire up the Mac App Store and click the Updates tab.