Apple has update its Safari browser to quash three Webkit-derived bugs.
One of the bugs, CVE-2015-1155 , meant “ Visiting a maliciously crafted website may compromise user information on the filesystem,” thanks to “A state management issue … that allowed unprivileged origins to access contents on the filesystem.”
CVE-2015-1156 “Visiting a malicious website by clicking a link may lead to user interface spoofing.”
An issue in “... the handling of the rel attribute in anchor elements” was the culprit in this case, and could mean “Target objects could get unauthorized access to link objects.” The fix was “improved link type adherence.”
Webkit also suffered from problems that could mean “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”
Apple's fix for the problems is new versions of Safari, which now comes in versions Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 for OS X Mountain Lion, Mavericks and Yosemite respectively. The problems hit Mac OS only – there's no word the iOS versions of the browser need a fix. ®