Apple released an update to its Safari web browser that patches 22 vulnerabilities in the WebKit browser engine that allow code execution or a browser crash. The vulnerabilities could be exploited if the user was tricked into visiting a malicious website and fell victim to a drive-by download. Apple also described a second security issue in the way WebKit handles Unicode characters in URLs; Apple said a malicious site could send messages that would circumvent the receiver s origin check, causing the browser to crash. Many of the bugs were discovered by the Google Chrome Security Team; Google used WebKit in the Chrome browser until version 27.
Source: https://threatpost.com/apple-patches-22-safari-webkit-vulnerabilities/106270/