[<prev] [next>] [day] [month] [year] [list]
Message-id: <7F92707B-51C6-4B8B-88E6-70C65E0F9795@lists.apple.com>
Date: Mon, 17 Sep 2018 11:23:37 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2018-9-17-4 Safari 12
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-17-4 Safari 12
Safari 12 is now available and addresses the following:
Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains. The issue was addressed with improved data deletion.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)
Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Installation note:
Safari 12 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlud5zQACgkQeC9tht7T
K3Hd8A//dQTRkRdIEf2iYyfO6Sid5H1WSndQE5NmI9PlnBz/asdyJtHL+XDGeCE9
1qjl/lzub/QRIne0oxxz3b1k8yFWhTz8NgiyGMdL/FLKqyGkO4oxLYCN0k1la9RE
1tTfV48Pj7naVJePC6latzc3Ll/9oBqmkHDqckpEJcBDI0ziLk20mY9MK9/aQkhc
eFdHtbODaIKq1CKCCkoZL/ZiL3sKmxdSXoO658+eBt0Wj1KmNe1mcWZ5IpYpxXFU
bzC1QDWYV8b3763z/chb6YUljZzZ2w0IZvZr+GPRrC6nR0ozGlGzZsjvQZIXUcOb
tqrGkz34NLHi/M0ygvQ4ztKmycieQb6UqdhsrJtd5OKZlYqQc9aMq250Ft/Lkl+7
+u5nJfsAv8YWG8SJxcKmc8Kx1AgvRmkvgLmiMIh8pKox5NdzkuIYM7Lst3Eg9s5b
NG++c7VT7SKnFiYj524PuwJw1W2n6CknZgBqq2XylrUo8ceeC3oV8T4ltCXK2thS
eeV74ltadfPLnPfemxy5az4BC2hSqkpp7QhNOKik25O0fzd2bgt1Xt2SH8YjcZqv
08Mjtf6WXj6yrLu2Ym0J4DLg2cTKPjsxF6lNIUOrkPNYbclfQDYkSiT4oEnt16+H
J/XEr6lVa4BdvwSxZF76HSgvB6BaZefc31Sz3gdk96TkRfgIkRc=
=0eDn
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists