[<prev] [next>] [day] [month] [year] [list]
Message-Id: <D9C43D54-B6DE-4254-990E-6212FD74B98C@lists.apple.com>
Date: Wed, 6 May 2015 14:04:57 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 are now available and
address the following:
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1152 : Apple
CVE-2015-1153 : Apple
CVE-2015-1154 : Apple
WebKit History
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: Visiting a maliciously crafted website may compromise user
information on the filesystem
Description: A state management issue existed in Safari that allowed
unprivileged origins to access contents on the filesystem. This issue
was addressed through improved state management.
CVE-ID
CVE-2015-1155 : Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative
WebKit Page Loading
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An issue existed in the handling of the rel attribute
in anchor elements. Target objects could get unauthorized access to
link objects. This issue was addressed through improved link type
adherence.
CVE-ID
CVE-2015-1156 : Zachary Durber of Moodle
Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 may be obtained from
the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVSmEJAAoJEBcWfLTuOo7tixsP/1BA4ipZ+MJwPqMEkVmYHyCc
4RtNYjWB6gX7yRLA9x3FdSXo1XG9C+1mtnWV3Acp2sP/mtmhH9yjUrayqYANsBoe
Qrunfhhhx19DLYJ4989Y2HzWa8TJCYf/48Sh8PS5Jaf0FXdEUsqy/vBv/XGZLLrD
k60uzyLswMp12OVC14c9Ueq7dMWXscebl7CGkKxuBAfvYpcZdhbmDWg/kkRGruZJ
Ezh6m4YAzBSaeuoibKKZbAVbHlH+xW8wThw3GHfnwfBvX03ZsgH5mdw2UWPgT+gG
/wrllHKG/qpaPeS0WZDVbI8NxmQP/YK+Fall2yqAUwDX7xj9VDZAKVElst9CWl6U
Y+jn8+MxTPLqAAnmvl/0zcsU5qR/DzsbqT6MVCDH0PqPspdzHfyT6d7sT/fBN2Ri
ti3uw7YmQCCQzi16vcGZnFjlIMDHB+hp5slp7hiVvAjixclYmRE62WME9VT/lZBW
Kqs+OE6ZQ4jsHX1uhGNdQzGgQbwHtoNkh8rge+VvMQZwMV/IMW9hnTzKStEOPpmz
EZuJRsVA7ZNaVd+y22Vfb8jyrY7BLiALKGpPaZNkmkF/hRgQHsXiXwC69np/6Jcg
2fy1uEt7eWKNPzQo1oUMtJ1jLzBMIBZoH4UpbpFZaHfHx/KYl8Pi8IahK7PT/r96
d2NeGKt3ZU8rm9473KsB
=EyH2
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists