Apple Releases New Safari and iOS

Apple today released new versions for the Safari browser on Mac OS X addressing two vulnerabilities in WebKit, CVE-2012-3748 and CVE-2012-5112. CVE-2012-5112 was discoverd by the security researcher Pinkie Pie during Google’s recent pwn2own competition at HITB Kuala Lumpur.

Apple’s new iOs version 6.0.2. addresses four vulnerabilities, including the above CVE-2012-5112 in WebKit and an ASLR bypass described by Mark Dowd and Tarjei Mandt also at HITB Kuala Lumpur 2012.

We recommend updating your software as soon as possible, as both updates contain fixes for critical vulnerabilities that allow an attacker to take control of your systems.