Date: Mon, 18 Jul 2016 17:22:29 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2016-07-18-5 Safari 9.1.2 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a malicious website may disclose image data from
another website
Description:  A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a malicious website may lead to user interface
spoofing
Description:  An origin inheritance issue existed in parsing of
about: URLs. This was addressed through improved validation of
security origins.
CVE-2016-4590 : xisigr of Tencent's Xuanwu
Lab (www.tencent.com)

WebKit
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4586 : Apple
CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-4622 : Samuel Gross working with Trend Micro’s Zero Day
Initiative
CVE-2016-4623 : Apple
CVE-2016-4624 : Apple

WebKit
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a maliciously crafted website may result in the
disclosure of process memory
Description:  A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4587 : Apple

WebKit
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a maliciously crafted webpage may lead to a system
denial of service
Description:  A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail

WebKit
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a maliciously crafted website may compromise user
information on the file system
Description:  A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4591 : ma.la of LINE Corporation

WebKit JavaScript Bindings
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a maliciously crafted website may lead to script
execution in the context of a non-HTTP service
Description:  A cross-protocol cross-site scripting (XPXSS) issue
existed in Safari when submitting forms to non-HTTP services
compatible with HTTP/0.9. This issue was addressed by disabling
scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure

WebKit Page Loading
Available for:  OS X El Capitan v10.11.6
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4584 : Chris Vienneau

WebKit Page Loading
Available for:  OS X El Capitan v10.11.6
Impact:  A malicious website may exfiltrate data cross-origin
Description:  A cross-site scripting issue existed in Safari URL
redirection. This issue was addressed through improved URL validation
on redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc. (www.mbsd.jp)

Safari 9.1.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

-----END PGP SIGNATURE-----
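
The fix described in the WebKit JavaScript Bindings entry (CVE-2016-4651) depends on the client recognizing an HTTP/0.9 response, which has no status line and no headers. The sketch below is an added example, not Apple's or WebKit's code; the function names, the policy object and the sample byte strings are assumptions constructed for illustration.

```javascript
// Hypothetical helper names; sample inputs below are constructed, not captured.
// A real status line is "HTTP/<d>.<d> <3-digit code> [reason]" followed by a newline.
const STATUS_LINE = /^HTTP\/(\d)\.(\d) (\d{3})(?: [^\r\n]*)?\r?\n/;

// Classify the raw bytes read from the socket.
// Anything that does not start with a status line is treated as HTTP/0.9:
// the whole stream is the body, with no headers to declare a content type.
function classifyResponse(raw) {
  const text = raw.toString('latin1');
  const m = STATUS_LINE.exec(text);
  if (!m) {
    return { version: '0.9', status: null, body: text };
  }
  const headerEnd = text.search(/\r?\n\r?\n/);
  const body = headerEnd === -1
    ? ''
    : text.slice(headerEnd).replace(/^\r?\n\r?\n/, '');
  return { version: `${m[1]}.${m[2]}`, status: Number(m[3]), body };
}

// Policy matching the advisory's wording: scripts and plugins are
// disabled on resources loaded over HTTP/0.9.
function loadPolicy(raw) {
  const legacy = classifyResponse(raw).version === '0.9';
  return {
    version: legacy ? '0.9' : classifyResponse(raw).version,
    allowScripts: !legacy,
    allowPlugins: !legacy,
  };
}

// Constructed sample: an ordinary HTTP/1.1 response.
const HTTP11 = Buffer.from(
  'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>hello</p>');
// Constructed sample: a line-oriented non-HTTP service answering a request
// it does not understand; with no status line this parses as HTTP/0.9.
const BANNER = Buffer.from(
  '220 service ready\r\n500 unknown command "POST /"\r\n');
// Constructed edge case: starts with "HTTP/" but is not a valid status line.
const LOOKALIKE = Buffer.from('HTTP/1.1junk\r\n<p>x</p>');

for (const [name, raw] of Object.entries({ HTTP11, BANNER, LOOKALIKE })) {
  console.log(name, JSON.stringify(loadPolicy(raw)));
}
```
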
