| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Mar 2024 18:22:04 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-03-07-2024-1 Safari 17.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-03-07-2024-1 Safari 17.4 Safari 17.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214089. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Safari Private Browsing Available for: macOS Monterey and macOS Ventura Impact: Private Browsing tabs may be accessed without authentication Description: This issue was addressed through improved state management. CVE-2024-23273: Matej Rabzelj WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 263758 CVE-2024-23252: anbu1024 of SecANT WebKit Available for: macOS Monterey and macOS Ventura Impact: A malicious website may exfiltrate audio data cross-origin Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 263795 CVE-2024-23254: James Lee (@Windowsrcer) WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved validation. WebKit Bugzilla: 264811 CVE-2024-23263: Johan Carlsson (joaxcar) WebKit Available for: macOS Monterey and macOS Ventura Impact: A maliciously crafted webpage may be able to fingerprint the user Description: An injection issue was addressed with improved validation. WebKit Bugzilla: 266703 CVE-2024-23280: an anonymous researcher WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 267241 CVE-2024-23284: Georg Felber and Marco Squarcina Additional recognition Safari We would like to acknowledge Abhinav Saraswat and Matthew C for their assistance. Safari 17.4 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXqb1UACgkQX+5d1TXa Ivoh2g//bhXHzsxTatzAc9z6bNAKRxUn/24uSjUqAgmeV5+5AjrShEejzxb5bft/ VMLBX5UEqj7Qc4Wc+BFgZd5fkFyUrBiyXMR4BE5UMLidqHfviDmLOzJVWR8RDWjV aUqyFZ84WDZvXk9BKvpQJ4/EnUGc8eyWSE8O1W16o8USj3BnUdDgCYPxmsea9U2i raWRinb3qfuwzapJxgDklPmvVa/K6GuwhEcH756H7LUZvZASfhzKh4iXzX0xpJ0T AOGk88jauyieIGes0R+CSwt0EDYcybLAmJrZje82NnBWg6xSkGUobRoLOXTEXWvp jdy5M2FlIJhJgpnnj0qRfEWRwHv2tZfwBEd8rqG1HuYjKzibc30DPNtAEQgOteQm 2NOS+NNjzzKjU7jBZ/RCgW0wPHblrBbe+jo3cr/y5YO0E1ZxHeo2BC98SU6OXGG+ OQUgQErR/IO0jRdX3PJHDLp6CK+H1nY62YZfz2IVdoOqzmS9Lrq9AfdFdgWUohKV uOywe1WyWAVu9FFEJYMO4rAJOoWwnfbePDTqTQ+W2tT58pYNxNeWeI+EH3A2enu4 tPGFi4Nn5oxSVVr6Ikw13G3gWokzStxoRzh51Mu4OUw8JhKA2zVXioX2yVsadvps ljn7i22H2TeDw1jPWUh3pssU0v0Q1AsxrJyZkrS3wkB1wREdzJQ= =DaJ8 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists