A serious security gap in Webkit that forced Apple to update it's operating systems to iOS 14.5.1, iPadOS 14.5.1, macOS 11.3.1, watchOS 7.4.1 and iOS 12.5.3 on Monday 3 May, has also forced Apple to issue updates for the Safari browser for macOS 10.15 Catalina and macOS 10.14 Mojave.
Safari 14.1 is part of the update for Big Sur; it has to be installed separately for the two older versions of the Mac operating system.
The vulnerability has apparently already been exploited in the wild - presumably in China - so the update is urgently recommended. The Webkit vulnerabilities are known as CVE-2021-30665 and CVE-2021-30663.
The vulnerabilties were being used by attackers, according to Apple's support notes. If the user opened a specially prepared page, the system could execute illegal code in the background and this code execution could open the door to attacks.
Apple released Safari 14.1 for macOS Catalina and Mojave last week. However there is a newer version that arrived this week which includes the security updates. If you download and install the newer update it will include the changes that arrived last week.
To make sure that you have downloaded the latest version of Safari, check the build number of the browser after the update: on macOS Catalina it should be 156184.108.40.206.7, on macOS Mojave - 146220.127.116.11.7. The build number can be found in the menu bar when Safari is open under "Safari - About Safari". In addition to the version number, the build number is always listed in the window that appears.
This article originally appeared on Macwelt. Translation by Karen Haslam.