[<prev] [next>] [day] [month] [year] [list]
Message-id: <45A78DBE-9DC7-4773-87B4-433DBF4FCC27@lists.apple.com>
Date: Tue, 13 Dec 2016 10:52:14 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2016-12-13-2 Safari 10.0.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-13-2 Safari 10.0.2
Safari 10.0.2 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4743: Alan Cutter
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: A validation issue was addressed through improved state
management.
CVE-2016-7586: Boris Zbarsky
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-7587: Adam Klein
CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2016-7611: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2016-7639: Tongbo Luo of Palo Alto Networks
CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7642: Tongbo Luo of Palo Alto Networks
CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7654: Keen Lab working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
CVE-2016-7656: Keen Lab working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may compromise
user information
Description: An issue existed in handling of JavaScript prompts. This
was addressed through improved state management.
CVE-2016-7592: xisigr of Tencent's Xuanwu Lab
(tencent.com)
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An uninitialized memory access issue was addressed
through improved memory initialization.
CVE-2016-7598: Samuel Groß
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An issue existed in the handling of HTTP redirects. This
issue was addressed through improved cross origin validation.
CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies
Co., Ltd.
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Visiting a maliciously crafted website may compromise user
information
Description: An issue existed in the handling of blob URLs. This
issue was addressed through improved URL handling.
CVE-2016-7623: xisigr of Tencent's Xuanwu Lab
(tencent.com)
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7632: Jeonghoon Shin
Safari 10.0.2 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYT7LLAAoJEIOj74w0bLRGN4UQAJ8QGVJNCoYlvJEY/VHAOQWm
LMm32fidQv1hHsu5fKfCnkhhQkqO97wEFleVJ/SZkrc19ALS5XHuW7HJBvbo84US
JBkp6BUJao8Ye4hgbbpp6bNUB+PUsyJoF8iSF3PjDbXEWbe4T/NM62JUcmlDsGAl
YR7euBKRBXGAnm9sJWdBa3pbXfSwhCVeSZYY61SIr85Jkq8r7e5vFHqoW+9Anh7G
3Q51BqI5o+c6CwdylQAHfJigmfcOW0zrzYH4CviRwgMpI3ikqGij4sLXuoDZA2f0
YDMIAovRyBVlY7IRHOIQbUKW4I5bqBDcVOAGA11jHI6QjQjUWbVOC05pxLnF8pLB
4CbYTSqlYRaosJHncsvG9m+8pClik9eNleJaYJ7dPghnTtvoWYysi9rlvyWk3x9e
5u1fLgHjcHkF68iTWRC6DYDwiZZeFnMIl+gXApCe0f4uoZMtyOY5tWdwvlVEpGJz
lbL6uGX748Cg68JupyWnrcIXZiLrw/YujS+tRgsLyNhTTy1SObTQwqp0jZ89y1g7
+535ZJk/AyR9rWcBVcldrINQ0R4iqZoa1npwwAd/b0ItZgzFPzz5RPGltl2syTvp
3hNGv5HeJqFGND2Apn5/pLD/n9gMMROCkQx2ooFAEehZ1BJE3WJXaDBMEy6jtfK2
OmgDKgbTexNtFNMI1qBE
=cycU
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists