About the security content of Safari 6.0.1

Learn about the security content of Safari 6.0.1.

This document describes the security content of Safari 6.0.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".
 

Safari 6.0.1

        Note: For OS X Mountain Lion systems, Safari 6.0.1 is included with OS X Mountain Lion v10.8.2.

  • Safari

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

    Impact: Opening a maliciously crafted downloaded HTML document may lead to the disclosure of local file content

    Description: In OS X Mountain Lion, HTML files were removed from the unsafe type list. Quarantined HTML documents are opened in a safe mode that prevents accessing other local or remote resources. A logic error in Safari's handling of the Quarantine attribute caused the safe mode not to be triggered on Quarantined files. This issue was addressed by properly detecting the existence of the Quarantine attribute.

    CVE-ID

    CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada

  • Safari

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

    Impact: Using Autofill on a maliciously crafted website may lead to the disclosure of contact information

    Description: A rare condition existed in the handling of Form Autofill. Using Form Autofill on a maliciously crafted website may have led to disclosure of information from the Address Book "Me" card that was not included in the Autofill popover. This issue was addressed by limiting Autofill to the fields contained in the popover.

    CVE-ID

    CVE-2012-3714 : Jonathan Hogervorst of Buzzera

  • Safari

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

    Impact: After editing an HTTPS URL in the address bar, a request may be unexpectedly sent over HTTP

    Description: A logic issue existed in the handling of HTTPS URLs in the address bar. If a portion of the address was edited by pasting text, the request may be unexpectedly sent over HTTP. This issue was addressed by improved handling of HTTPS URLs.

    CVE-ID

    CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi Zawodsky

  • WebKit

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2011-3105 : miaubiz

    CVE-2012-2817 : miaubiz

    CVE-2012-2818 : miaubiz

    CVE-2012-2829 : miaubiz

    CVE-2012-2831 : miaubiz

    CVE-2012-2842 : miaubiz

    CVE-2012-2843 : miaubiz

    CVE-2012-3598 : Apple Product Security

    CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer

    CVE-2012-3602 : miaubiz

    CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3612 : Skylined of the Google Chrome Security Team

    CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3614 : Yong Li of Research In Motion, Inc.

    CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3617 : Apple Product Security

    CVE-2012-3621 : Skylined of the Google Chrome Security Team

    CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3623 : Skylined of the Google Chrome Security Team

    CVE-2012-3624 : Skylined of the Google Chrome Security Team

    CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3643 : Skylined of the Google Chrome Security Team

    CVE-2012-3647 : Skylined of the Google Chrome Security Team

    CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team

    CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google Chrome Security Team

    CVE-2012-3652 : Martin Barbella of Google Chrome Security Team

    CVE-2012-3654 : Skylined of the Google Chrome Security Team

    CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3658 : Apple

    CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team

    CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3676 : Julien Chaffraix of the Chromium development community

    CVE-2012-3677 : Apple

    CVE-2012-3684 : kuzzcc

    CVE-2012-3685 : Apple Product Security

    CVE-2012-3687 : kuzzcc

    CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple Product Security

    CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3700 : Apple Product Security

    CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3703 : Apple Product Security

    CVE-2012-3704 : Skylined of the Google Chrome Security Team

    CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3706 : Apple Product Security

    CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3708 : Apple

    CVE-2012-3709 : Apple Product Security

    CVE-2012-3710 : James Robinson of Google

    CVE-2012-3711 : Skylined of the Google Chrome Security Team

    CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security Team
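
The CVE-2012-3713 entry above says the fix keys on the existence of the Quarantine attribute. The following is an added illustration, not Apple's code and not part of the original advisory: it gates HTML files on the presence of the `com.apple.quarantine` extended attribute and lists HTML files that lack it. The `flags;timestamp;agent;...` value layout, the function names and the sample listing are assumptions constructed for the example; the advisory does not say what Safari's logic error was.

```python
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"  # macOS extended-attribute name
HTML_SUFFIXES = (".html", ".htm", ".xhtml")


def parse_quarantine(value):
    """Best-effort split of 'flags;timestamp;agent;...' (assumed layout).

    Returns None when the value is empty or malformed. Callers must not
    treat None as "not quarantined": that decision is made on existence.
    """
    parts = value.decode("utf-8", "replace").split(";")
    try:
        flags = int(parts[0], 16)
        stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except (IndexError, ValueError):
        return None
    agent = parts[2] if len(parts) > 2 else ""
    return {"flags": flags, "time": stamp, "agent": agent}


def open_mode(name, xattrs):
    """Return 'safe' for an HTML file that carries the attribute at all."""
    if not name.lower().endswith(HTML_SUFFIXES):
        return "normal"
    # Existence is the signal; an empty or unparsable value still counts.
    return "safe" if QUARANTINE_XATTR in xattrs else "normal"


def unquarantined_html(listing):
    """Names of HTML files that would open without safe mode, for review."""
    return sorted(
        name for name, xattrs in listing.items()
        if name.lower().endswith(HTML_SUFFIXES)
        and open_mode(name, xattrs) == "normal"
    )


# Constructed sample: file name -> extended attributes, as an inventory
# of a downloads folder might record them.
SAMPLE = {
    "invoice.html": {QUARANTINE_XATTR: b"0002;50590b00;Safari;"},
    "report.htm": {QUARANTINE_XATTR: b""},  # present but empty value
    "notes.html": {},                       # attribute absent
    "photo.jpg": {QUARANTINE_XATTR: b"0002;50590b00;Safari;"},
}

if __name__ == "__main__":
    for name in sorted(SAMPLE):
        print(name, open_mode(name, SAMPLE[name]))
    print("review:", unquarantined_html(SAMPLE))
```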

 

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: Sep 19, 2012
  • Article: HT5502