Apple released a security update to Safari on March 17 which applied to versions of Safari running not only on Yosemite, but Mavericks and Mountain Lion as well. Apple did not release any details on the vulnerabilities being patched, other than to say that:
- Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
- A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL. This issue was addressed through improved user interface consistency checks.
The memory corruption issues allowed a malicious web site to cause an unexpected application termination or the execution of malicious code, while the user interface inconsistencies opened a door to possible phishing attacks.
As always, the best practice is to keep up-to-date with security related patches.