lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <7F92707B-51C6-4B8B-88E6-70C65E0F9795@lists.apple.com>
Date: Mon, 17 Sep 2018 11:23:37 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2018-9-17-4 Safari 12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-9-17-4 Safari 12

Safari 12 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with
redirect chains. The issue was addressed with improved data deletion.
CVE-2018-4329: Hugo S. Diaz (coldpointblue)

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)

Installation note:

Safari 12 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlud5zQACgkQeC9tht7T
K3Hd8A//dQTRkRdIEf2iYyfO6Sid5H1WSndQE5NmI9PlnBz/asdyJtHL+XDGeCE9
1qjl/lzub/QRIne0oxxz3b1k8yFWhTz8NgiyGMdL/FLKqyGkO4oxLYCN0k1la9RE
1tTfV48Pj7naVJePC6latzc3Ll/9oBqmkHDqckpEJcBDI0ziLk20mY9MK9/aQkhc
eFdHtbODaIKq1CKCCkoZL/ZiL3sKmxdSXoO658+eBt0Wj1KmNe1mcWZ5IpYpxXFU
bzC1QDWYV8b3763z/chb6YUljZzZ2w0IZvZr+GPRrC6nR0ozGlGzZsjvQZIXUcOb
tqrGkz34NLHi/M0ygvQ4ztKmycieQb6UqdhsrJtd5OKZlYqQc9aMq250Ft/Lkl+7
+u5nJfsAv8YWG8SJxcKmc8Kx1AgvRmkvgLmiMIh8pKox5NdzkuIYM7Lst3Eg9s5b
NG++c7VT7SKnFiYj524PuwJw1W2n6CknZgBqq2XylrUo8ceeC3oV8T4ltCXK2thS
eeV74ltadfPLnPfemxy5az4BC2hSqkpp7QhNOKik25O0fzd2bgt1Xt2SH8YjcZqv
08Mjtf6WXj6yrLu2Ym0J4DLg2cTKPjsxF6lNIUOrkPNYbclfQDYkSiT4oEnt16+H
J/XEr6lVa4BdvwSxZF76HSgvB6BaZefc31Sz3gdk96TkRfgIkRc=
=0eDn
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ