Date: Mon, 24 Jul 2023 17:24:49 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2023-07-24-1 Safari 16.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma
Soft Pvt. Ltd, Pune - India

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bugzilla: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren
WebKit Bugzilla: 257387
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 258058
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit Process Model
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 258100
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic

WebKit Web Inspector
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256932
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Additional recognition

WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.

Safari 16.6 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/