Apple released today its first milestone update for the OS X 10.9 Mavericks desktop operating system. Mavericks, Apple’s latest OS X release, first became generally available Oct. 22. The new OS X 10.9.1 release includes both stability and security updates.
On the security front, the OS X 10.9.1 update is narrowly focused on Apple’s Safari Web browser. OS X 10.9 originally shipped with Safari 7.0, which is now being updated to a patched Safari 7.0.1 release. In total, the Safari 7.0.1 update includes nine security updates for vulnerabilities found within Safari and its core WebKit rendering engine.
Apple patched the CVE-2013-5227 information leakage vulnerability in Safari 7.0.1.
“Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame,” Apple warns in its advisory. “This issue was addressed through improved origin tracking.”
The WebKit rendering engine received eight security updates for memory corruption-related issues. Apple’s advisory notes that it addressed the WebKit memory corruption issues through improved memory handling.
Three of the WebKit memory flaws were reported to Apple via the Google Chrome Security Team. Until recently, Google’s Chrome browser shared the same WebKit technology that is used by Apple. Google announced in April its intention to move to its own rendering engine, known as Blink.
Apple isn’t the only vendor to patch its browser this month. Microsoft’s December Patch Tuesday update included an updated Internet Explorer Web browser, and Mozilla recently updated its Firefox browser for security updates as well.
In terms of non-security-related updates included in the OS X 10.9.1 update, there are a number of mail-related stability fixes. Apple improved Google Gmail support within the OS X Mail application, and a bug was fixed that limited the ability of users to properly use contact groups in OS X Mail.
Apple’s Mavericks users can get a free update to the new 10.9.1 release via the Mac App Store.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.