Apple Releases Patch for Safari Security Flaws
"Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution," Apple disclosed in a support document regarding the security content of Safari 6.0.2.
The update is primarily intended to protect Safari users from drive-by download attacks, not only by addressing JavaScript issues, but also by closing a security hole in the SVG implementation of WebKit.
Apple credits Joost Pol and Daan Keuper of Certified Security working with HP TippingPoint's Zero Day Initiative for discovering the JavaScript vulnerabilities, and Pinkie Pie working with Google's Pwnium 2 contest for discovering the SVG flaw.